CVE-2024-49035

Warnung

EPSS 5.81%
Veröffentlicht 26.11.2024 20:15:31
Zuletzt bearbeitet 27.02.2025 02:00:01
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

Betroffene Produkte Warnungen 1 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Partner Center Version-

25.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Partner Center Improper Access Control Vulnerability

Schwachstelle

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.81%	0.902

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	8.7	2.3	5.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-49035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49035

EUVD