Microsoft On-Premises Data Gateway
Moderate fix1 remedy
cpe:2.3:a:microsoft:on-prem_data_gateway:*:*:*:*:*:*:*
Moderate fix1 remedy
Microsoft On-Premises Data Gateway Information Disclosure Vulnerability
Vulnerability
Patched
A vulnerability allowing information disclosure has been identified in the Microsoft On-Premises Data Gateway. This issue arises when a SAP HANA data source is configured to use single sign-on (SSO). Successful exploitation could allow an attacker to access data from the targeted Power BI dashboard, depending on the privileges of the compromised user.
Impact
Exploitation of this vulnerability could lead to unauthorized access to information in Power BI dashboards, with the extent of the data accessible depending on the privileges of the affected user.
Remediation
Customers using the On-Premises Data Gateway with a SAP HANA data source configured for single sign-on (SSO) should update their gateway to the latest version. The January 2025 update includes the necessary patch. More information about the update can be found in the release notes.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
4.2remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.