Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked validation of the passed-in authentication token, which may result in an attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2024-01-10 | Updated: 2024-01-19

CVE-2024-21410
Known exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 1.86% | Published: 2024-02-13 | Updated: 2024-02-26 | CISA KEV Added: 2024-02-15

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Max CVSS: 9.0 | EPSS Score: 0.09% | Published: 2024-02-13 | Updated: 2024-02-13

Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.11% | Published: 2024-02-13 | Updated: 2024-02-23

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
Max CVSS: 9.0 | EPSS Score: 0.09% | Published: 2024-03-12 | Updated: 2024-03-12

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Max CVSS: 9.3 | EPSS Score: 0.05% | Published: 2024-02-13 | Updated: 2024-03-07

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Max CVSS: 9.6 | EPSS Score: 0.11% | Published: 2024-01-26 | Updated: 2024-01-31

Azure RTOS ThreadX is an advanced real-time operating system (RTOS) designed specifically for deeply embedded applications. An attacker can cause arbitrary read and write due to a vulnerability in the parameter checking mechanism in Azure RTOS ThreadX, which may lead to privilege escalation. The affected components include RTOS ThreadX v6.2.1 and below. The fixes have been included in ThreadX release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS: 9.8 | EPSS Score: 0.20% | Published: 2023-12-05 | Updated: 2023-12-08

Windows Mobile Device Management Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2023-08-08 | Updated: 2023-11-06

Windows System Assessment Tool Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.16% | Published: 2023-08-08 | Updated: 2023-08-10

Microsoft Office Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2023-09-12 | Updated: 2023-09-14

Visual Studio Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2023-09-12 | Updated: 2023-09-15

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Max CVSS: 9.6 | EPSS Score: 0.10% | Published: 2023-09-15 | Updated: 2024-02-03

Windows IIS Server Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2023-10-10 | Updated: 2023-10-12

Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.13% | Published: 2023-10-10 | Updated: 2023-11-30

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.10% | Published: 2023-11-14 | Updated: 2023-11-21

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Max CVSS: 9.6 | EPSS Score: 0.09% | Published: 2023-12-07 | Updated: 2024-02-03

Windows Partition Management Driver Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2023-07-11 | Updated: 2023-07-14

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.14% | Published: 2023-07-11 | Updated: 2023-07-14

CVE-2023-29357
Known exploited
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 48.40% | Published: 2023-06-14 | Updated: 2024-01-11 | CISA KEV Added: 2024-01-10

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.28% | Published: 2023-09-12 | Updated: 2023-09-14

CVE-2023-23397
Known exploited
Microsoft Outlook Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 92.35% | Published: 2023-03-14 | Updated: 2023-03-20 | CISA KEV Added: 2023-03-14

Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 0.33% | Published: 2023-08-08 | Updated: 2023-08-10

CVE-2022-41080
Known exploited
Used for ransomware
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS: 9.8 | EPSS Score: 2.29% | Published: 2022-11-09 | Updated: 2023-06-13 | CISA KEV Added: 2023-01-10

CVE-2022-26923
Known exploited
Public exploit
Active Directory Domain Services Elevation of Privilege Vulnerability
Max CVSS: 9.0 | EPSS Score: 7.92% | Published: 2022-05-10 | Updated: 2023-12-21 | CISA KEV Added: 2022-08-18

140 vulnerabilities found