Multiple vulnerabilities in Microsoft Azure

Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Azure Connected Machine Agent can be exploited remotely to gain privileges.
2. An information disclosure vulnerability in Azure Machine Learning Compute Instance for SDK Users can be exploited remotely to obtain sensitive information.
3. A spoofing vulnerability in Microsoft Power Platform Connector can be exploited remotely to spoof user interface.

Original advisories

• CVE-2023-35624

• CVE-2023-35625
• CVE-2023-36019

Related products

• Microsoft-Azure

CVE list

• CVE-2023-36019
  high
• CVE-2023-35624
  high
• CVE-2023-35625
  warning

KB list

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com