CVE-2024-43479 HIGH

CVE-2024-43479: Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Vendor Microsoft

Product Power Automate for Desktop

Weakness CWE-284

Published September 10, 2024

Last update December 31, 2024

CVSS base score

8.5/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Key dates

September 10, 2024 CVE published

December 31, 2024 Record updated

External resources

Related vulnerabilities

CVE CVE-2024-43479

CWE CWE-284

CVSS 8.5 / HIGH

Vendor Microsoft

Product Power Automate for Desktop

Affected ≥ 1.0.0.0 and < 2.47.119.24249