CVE-2024-49035

Partner.Microsoft.Com Elevation of Privilege Vulnerability

CVSS 8.7 HIGH | EPSS 1.3% | KEV | CWE-269
In short

An attacker without an account can gain unauthorized higher-level access on Partner.Microsoft.com over the network. This is dangerous because it allows them to perform actions they shouldn't be allowed to do, potentially accessing sensitive partner information or making unauthorized changes.

Technical detail

An improper access control vulnerability (CWE-269) in Partner.Microsoft.com permits unauthenticated remote attackers to escalate privileges. The vulnerability stems from insufficient validation of access permissions, enabling attackers to perform operations reserved for authenticated or higher-privileged users.

Summary generated and translated by AI from the official description.
An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
