Jun 2024: Microsoft Dataverse Remote Code Execution Vulnerability
CVE-2024-35260 Published on June 27, 2024
Microsoft Dataverse Remote Code Execution Vulnerability
An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network.
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2024-35260 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2024-35260
stack.watch emails you whenever new vulnerabilities are published in Microsoft Power Platform or Microsoft Dataverse. Just hit a watch button to start following.
Affected Versions
Microsoft Power Platform Version N/A is affected by CVE-2024-35260Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.