QID 91982
Date Published: 2023-02-15
QID 91982: Microsoft Power BI Report Server Update for February 2023
Power BI Report Server, available as part of Power BI Premium, enables on-premises web and mobile viewing of Power BI reports, plus the enterprise reporting capabilities of SQL Server Reporting Services.
Affected Versions:
Power BI Report Server (September 2022) - file version: 15.0.1110.135
Power BI Report Server (September 2022)- file version: 15.0.1110.120
Power BI Report Server (May 2022)- file version: 15.0.1108.297
QID Detection Logic:
This authenticated QID detects vulnerable versions of RSHostingService.exe by fetching the service installed path from the HKLM\SYSTEM\CurrentControlSet\Services\PowerBIReportServer registry key.
Successful exploitation can lead to spoofing vulnerability
Solution
Customers are advised to refer to CVE-2023-21806 for more information pertaining to this vulnerability.
Vendor References
- CVE-2023-21806 -
msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21806
CVEs related to QID 91982
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2023-21806 |
|