CVE-2024-48746

Summary

CVE-2024-48746 is a newly discovered vulnerability affecting the Lens Visual integration with Power BI version 4.0.0.3. This issue grants remote attackers the ability to execute arbitrary code through the Natural Language Processing (NLP) component of the integration. By exploiting this vulnerability, malicious actors can inject malicious code, potentially leading to unauthorized data access or system compromise. The NLP component, designed to facilitate data analysis using natural language queries, has instead become a vector for attacks. Organizations using this version of Lens Visual integration with Power BI are advised to apply patches or updates as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.