CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49052 – Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-49052
26 Nov 2024 — Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49052 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38204 – Imagine Cup site Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-38204
15 Oct 2024 — Improper Access Control in Imagine Cup allows an authorized attacker to elevate privileges over a network. Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38204 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-16904 – Azure Functions Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2020-16904
16 Oct 2020 —
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.
An unauthenticated attacker who successfully exploited this vulnerability could invoke an HTTP Function without proper authorization.
This security update addresses the vulnerability by correctly validating access keys used to access HTTP Functions.
Se presenta una vulnerabilidad de escalada de privilegios en la manera que Azure Functions comprueba claves de acceso. Un atacante no autenticado... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16904 • CWE-863: Incorrect Authorization •