Elevated Privileges Through Improper Authorization in Azure Web Apps

CVE-2024-38194
8.4HIGH

Key Information

Vendor
Microsoft
Status
Azure Web Apps
Vendor
CVE Published:
10 September 2024

Summary

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.

Affected Version(s)

Azure Web Apps =

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Risk change from: 9.9 to: 8.4 - (HIGH)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed
.