CVE-2024-21421 (GCVE-0-2024-21421)
Vulnerability from cvelistv5 – Published: 2024-03-12 16:57 – Updated: 2025-05-03 00:46
- CWE-1395 - Dependency on Vulnerable Third-Party Component
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure SDK Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T19:21:36.716605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T14:16:37.921Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure SDK",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.29.5",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_sdk:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure SDK Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1395",
"description": "CWE-1395: Dependency on Vulnerable Third-Party Component",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:46:37.963Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure SDK Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"title": "Azure SDK Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21421",
"datePublished": "2024-03-12T16:57:43.762Z",
"dateReserved": "2023-12-08T22:45:21.301Z",
"dateUpdated": "2025-05-03T00:46:37.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-21421",
"date": "2026-05-20",
"epss": "0.0742",
"percentile": "0.91824"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:azure_software_development_kit:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndExcluding\": \"1.29.5\", \"matchCriteriaId\": \"06C65A69-5114-4289-A6E8-6216DB105DB2\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Azure SDK Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de suplantaci\\u00f3n del SDK de Azure\"}]",
"id": "CVE-2024-21421",
"lastModified": "2024-12-27T18:25:29.033",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-03-12T17:15:50.920",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-21421\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2024-03-12T17:15:50.920\",\"lastModified\":\"2024-12-27T18:25:29.033\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Azure SDK Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de suplantaci\u00f3n del SDK de Azure\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:azure_software_development_kit:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.29.5\",\"matchCriteriaId\":\"06C65A69-5114-4289-A6E8-6216DB105DB2\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\", \"name\": \"Azure SDK Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:20:40.662Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-21421\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-12T19:21:36.716605Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T14:16:34.788Z\"}}], \"cna\": {\"title\": \"Azure SDK Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Azure SDK\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"1.29.5\", \"versionType\": \"custom\"}], \"platforms\": [\"Unknown\"]}], \"datePublic\": \"2024-03-12T07:00:00.000Z\", \"references\": [{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421\", \"name\": \"Azure SDK Spoofing Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Azure SDK Spoofing Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"CWE\", \"cweId\": \"CWE-1395\", \"description\": \"CWE-1395: Dependency on Vulnerable Third-Party Component\"}]}], 
\"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:microsoft:azure_sdk:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"1.29.5\", \"versionStartIncluding\": \"1.0.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2025-05-03T00:46:37.963Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-21421\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-03T00:46:37.963Z\", \"dateReserved\": \"2023-12-08T22:45:21.301Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2024-03-12T16:57:43.762Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0207
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Sentinel versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure SDK versions antérieures à 1.29.5 | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers versions antérieures à 0.3.3 | ||
| Microsoft | Azure | Azure Automation Update Management versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure Data Studio versions antérieures à 1.48.0 | ||
| Microsoft | Azure | Azure Security Center versions antérieures à OMS Agent pour Linux GA 1.19.0 | ||
| Microsoft | Azure | Azure Automation versions antérieures à OMS Agent pour Linux GA 1.19.0 |
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Sentinel versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure SDK versions ant\u00e9rieures \u00e0 1.29.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers versions ant\u00e9rieures \u00e0 0.3.3",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation Update Management versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Data Studio versions ant\u00e9rieures \u00e0 1.48.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Security Center versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21400"
},
{
"name": "CVE-2024-21330",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21330"
},
{
"name": "CVE-2024-21421",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21421"
},
{
"name": "CVE-2024-26203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26203"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21400 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26203 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21330 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21421 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"reference": "CERTFR-2024-AVI-0207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure du 12 mars 2024",
"url": null
}
]
}
CERTFR-2024-AVI-0207
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Azure | Azure Sentinel versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure SDK versions antérieures à 1.29.5 | ||
| Microsoft | Azure | Azure Kubernetes Service Confidential Containers versions antérieures à 0.3.3 | ||
| Microsoft | Azure | Azure Automation Update Management versions antérieures à OMS Agent pour Linux GA v1.19.0 | ||
| Microsoft | Azure | Azure Data Studio versions antérieures à 1.48.0 | ||
| Microsoft | Azure | Azure Security Center versions antérieures à OMS Agent pour Linux GA 1.19.0 | ||
| Microsoft | Azure | Azure Automation versions antérieures à OMS Agent pour Linux GA 1.19.0 |
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Azure Sentinel versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure SDK versions ant\u00e9rieures \u00e0 1.29.5",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Kubernetes Service Confidential Containers versions ant\u00e9rieures \u00e0 0.3.3",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation Update Management versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA v1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Data Studio versions ant\u00e9rieures \u00e0 1.48.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Security Center versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Automation versions ant\u00e9rieures \u00e0 OMS Agent pour Linux GA 1.19.0",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21400",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21400"
},
{
"name": "CVE-2024-21330",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21330"
},
{
"name": "CVE-2024-21421",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21421"
},
{
"name": "CVE-2024-26203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26203"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21400 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26203 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21330 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21421 du 12 mars 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"reference": "CERTFR-2024-AVI-0207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Azure\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une usurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure du 12 mars 2024",
"url": null
}
]
}
BDU:2024-02109
Vulnerability from fstec - Published: 12.03.2024
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.29.5 (Azure SDK)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21421",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.03.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02109",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-21421",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Azure SDK",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Azure SDK, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043f\u0430\u043a\u0435\u0442\u0430 \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Azure SDK \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u043e\u0434\u0438\u0442\u044c \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u0430\u0442\u0430\u043a\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21421\nhttps://vuldb.com/?id.256564\nhttps://www.cybersecurity-help.cz/vdb/SB20240312356",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2024-21421
Vulnerability from fkie_nvd - Published: 2024-03-12 17:15 - Updated: 2024-12-27 18:25
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | azure_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06C65A69-5114-4289-A6E8-6216DB105DB2",
"versionEndExcluding": "1.29.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure SDK Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n del SDK de Azure"
}
],
"id": "CVE-2024-21421",
"lastModified": "2024-12-27T18:25:29.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-03-12T17:15:50.920",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-3C39-W687-672W
Vulnerability from github – Published: 2024-03-12 18:31 – Updated: 2024-03-12 18:31
{
"affected": [],
"aliases": [
"CVE-2024-21421"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-12T17:15:50Z",
"severity": "HIGH"
},
"details": "Azure SDK Spoofing Vulnerability",
"id": "GHSA-3c39-w687-672w",
"modified": "2024-03-12T18:31:12Z",
"published": "2024-03-12T18:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21421"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2024-21421
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2024-21421",
"id": "GSD-2024-21421"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-21421"
],
"details": "Azure SDK Spoofing Vulnerability",
"id": "GSD-2024-21421",
"modified": "2023-12-13T01:21:42.653644Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2024-21421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Azure SDK",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.0.0",
"version_value": "1.29.5"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Azure SDK Spoofing Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "Azure SDK Spoofing Vulnerability"
}
],
"id": "CVE-2024-21421",
"lastModified": "2024-03-12T17:46:17.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-03-12T17:15:50.920",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
MSRC_CVE-2024-21421
Vulnerability from csaf_microsoft - Published: 2024-03-12 07:00 - Updated: 2024-03-12 07:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Azure SDK 1.29.5
Azure SDK
|
1.29.5 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Azure SDK <1.29.5
Azure SDK
|
<1.29.5 |
Vendor Fix
fix
|
{
"document": {
"acknowledgments": [
{
"names": [
"Chris Burr"
]
},
{
"names": [
"Chris Burr"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21421 Azure SDK Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
},
{
"category": "self",
"summary": "CVE-2024-21421 Azure SDK Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-21421.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Azure SDK Spoofing Vulnerability",
"tracking": {
"current_release_date": "2024-03-12T07:00:00.000Z",
"generator": {
"date": "2025-05-03T00:46:37.490Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-21421",
"initial_release_date": "2024-03-12T07:00:00.000Z",
"revision_history": [
{
"date": "2024-03-12T07:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.29.5",
"product": {
"name": "Azure SDK \u003c1.29.5",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "1.29.5",
"product": {
"name": "Azure SDK 1.29.5",
"product_id": "11797"
}
}
],
"category": "product_name",
"name": "Azure SDK"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21421",
"cwe": {
"id": "CWE-1395",
"name": "Dependency on Vulnerable Third-Party Component"
},
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "Customers with deployments created prior to Oct 19. 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For information reference the following: https://azure.github.io/azure-sdk/releases/latest/index.html. Customers with deployments created after October 19, 2023 recieved the fix automatically and no action is needed.",
"title": "What actions do customers need to take to protect themselves from this vulnerability?"
}
],
"product_status": {
"fixed": [
"11797"
],
"known_affected": [
"1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21421 Azure SDK Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421"
},
{
"category": "self",
"summary": "CVE-2024-21421 Azure SDK Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/advisories/2024/msrc_cve-2024-21421.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-12T07:00:00.000Z",
"details": "1.29.5:Security Update:https://learn.microsoft.com/en-us/dotnet/api/overview/azure/core-readme?view=azure-dotnet",
"product_ids": [
"1"
],
"url": "https://learn.microsoft.com/en-us/dotnet/api/overview/azure/core-readme?view=azure-dotnet"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"
}
],
"title": "Azure SDK Spoofing Vulnerability"
}
]
}
WID-SEC-W-2024-0612
Vulnerability from csaf_certbund - Published: 2024-03-12 23:00 - Updated: 2024-05-01 22:00
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Azure Sentinel
Microsoft / Azure
|
cpe:/a:microsoft:azure:sentinel
|
Sentinel | |
|
Microsoft Azure Security Center
Microsoft / Azure
|
cpe:/a:microsoft:azure:security_center
|
Security Center | |
|
IBM QRadar SIEM 7.3.3-7.5.0
IBM / QRadar SIEM
|
cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0
|
7.3.3-7.5.0 | |
|
Microsoft Azure Automation Update Management
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation_update_management
|
Automation Update Management | |
|
Microsoft Azure Data Studio
Microsoft / Azure
|
cpe:/a:microsoft:azure:data_studio
|
Data Studio | |
|
Microsoft Azure Automation
Microsoft / Azure
|
cpe:/a:microsoft:azure:automation
|
Automation | |
|
Microsoft Azure Kubernetes Service Confidential Containers
Microsoft / Azure
|
cpe:/a:microsoft:azure:kubernetes_service_confidential_containers
|
Kubernetes Service Confidential Containers | |
|
Microsoft Azure SDK
Microsoft / Azure
|
cpe:/a:microsoft:azure:sdk
|
SDK |
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Azure ist eine Cloud Computing-Plattform von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Microsoft Azure ausnutzen, um seine Privilegien zu erh\u00f6hen, beliebigen Code auszuf\u00fchren und Informationen falsch darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0612 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0612.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0612 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0612"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2024-03-12",
"url": "https://msrc.microsoft.com/update-guide"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7149967 vom 2024-05-01",
"url": "https://www.ibm.com/support/pages/node/7149967"
}
],
"source_lang": "en-US",
"title": "Microsoft Azure: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-05-01T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:06:22.718+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-0612",
"initial_release_date": "2024-03-12T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-12T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3.3-7.5.0",
"product": {
"name": "IBM QRadar SIEM 7.3.3-7.5.0",
"product_id": "T034489",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.3.3_-_7.5.0"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Automation",
"product": {
"name": "Microsoft Azure Automation",
"product_id": "T033405",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:automation"
}
}
},
{
"category": "product_version",
"name": "Automation Update Management",
"product": {
"name": "Microsoft Azure Automation Update Management",
"product_id": "T033406",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:automation_update_management"
}
}
},
{
"category": "product_version",
"name": "Data Studio",
"product": {
"name": "Microsoft Azure Data Studio",
"product_id": "T033407",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:data_studio"
}
}
},
{
"category": "product_version",
"name": "Kubernetes Service Confidential Containers",
"product": {
"name": "Microsoft Azure Kubernetes Service Confidential Containers",
"product_id": "T033409",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:kubernetes_service_confidential_containers"
}
}
},
{
"category": "product_version",
"name": "SDK",
"product": {
"name": "Microsoft Azure SDK",
"product_id": "T033410",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:sdk"
}
}
},
{
"category": "product_version",
"name": "Security Center",
"product": {
"name": "Microsoft Azure Security Center",
"product_id": "T033412",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:security_center"
}
}
},
{
"category": "product_version",
"name": "Sentinel",
"product": {
"name": "Microsoft Azure Sentinel",
"product_id": "T033413",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:azure:sentinel"
}
}
}
],
"category": "product_name",
"name": "Azure"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-21330",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-21330"
},
{
"cve": "CVE-2024-21334",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-21334"
},
{
"cve": "CVE-2024-21400",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-21400"
},
{
"cve": "CVE-2024-21418",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-21418"
},
{
"cve": "CVE-2024-21421",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-21421"
},
{
"cve": "CVE-2024-26203",
"notes": [
{
"category": "description",
"text": "In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T033413",
"T033412",
"T034489",
"T033406",
"T033407",
"T033405",
"T033409",
"T033410"
]
},
"release_date": "2024-03-12T23:00:00.000+00:00",
"title": "CVE-2024-26203"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.