CVE-2024-43479

Published: Sep 10, 2024Modified: Sep 13, 2024

8.5

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 6.0

Source: secure@microsoft.com (Secondary)

Description

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Affected (7)

Products: Microsoft: Power Automate

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Power Automate	From 2.41 to 2.41.178.24249
Microsoft Power Automate	From 2.42 to 2.42.331.24249
Microsoft Power Automate	From 2.43 to 2.43.249.24249
Microsoft Power Automate	From 2.44 to 2.44.55.24249
Microsoft Power Automate	From 2.45 to 2.45.404.24249
Microsoft Power Automate	From 2.46 to 2.46.181.24249
Microsoft Power Automate	From 2.47 to 2.47.119.24249

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43479

Source: secure@microsoft.com

PatchVendor Advisory

Timeline

No history available yet.