CVE-2020-1173

MEDIUM

Microsoft Power BI Report Server - Spoofing via Attachment Content-Type Validation

Title source: llm
STIX 2.1

Description

A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'.

References (1)

Core 1
Core References

Scores

CVSS v3 6.8
EPSS 0.0239
EPSS Percentile 81.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
microsoft/power_bi_report_server
Published May 21, 2020
Tracked Since Feb 18, 2026