Imagine Cup site Information Disclosure Vulnerability
CVE-2024-38204

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Azure Functions
Vendor: CVE Published:; 15 October 2024

Summary

An improper access control vulnerability in Imagine Cup enables an authorized attacker to elevate their privileges across a network. This flaw could potentially allow a malicious actor to gain elevated permissions, providing them with unauthorized access to sensitive functionalities within the application. Organizations using Imagine Cup are advised to review their security practices and apply necessary patches as recommended by Microsoft.

Affected Version(s)

Microsoft Azure Functions Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2024