Azure SDK Spoofing Vulnerability
CVE-2024-21421

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Azure Sdk
Vendor: CVE Published:; 12 March 2024

Summary

A spoofing vulnerability has been identified in Azure SDK, allowing malicious actors to potentially impersonate legitimate users or services. This could lead to unauthorized access and manipulation of sensitive data within Microsoft cloud environments. Timely updates and security patches are crucial to mitigate potential threats from this vulnerability. Organizations using Azure SDK are advised to apply the latest security updates and review their security configurations to safeguard their applications.

Affected Version(s)

Azure SDK Unknown 1.0.0 < 1.29.5

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 12, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed