9.8
CVE-2024-49035
- EPSS 5.81%
- Published 26.11.2024 20:15:31
- Last modified 27.02.2025 02:00:01
- Source secure@microsoft.com
An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Partner Center, Version: -
25.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: Microsoft Partner Center Improper Access Control Vulnerability
- Description: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
- Required actions: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 5.81% | 0.902 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
secure@microsoft.com | 8.7 | 2.3 | 5.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.