An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NMicrosoft Partner Center
APPMicrosoftwszystkie wersje
CISA KEV — detailsi
- Vendori
- Microsoft ↗
- Producti
- Partner Center
- Added to KEVi
- February 25, 2025
- Remediation deadline (US Federal)i
- March 18, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
Related vulnerabilities
Privilege Escalation w Microsoft Partner Center przez nieprawidłową kontrolę dostępu
Nieprawidłowa autoryzacja w Microsoft Partner Center — privilege escalation
Nieautoryzowana eskalacja uprawnień w Microsoft Partner Center
Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthor...
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów