Lucene search
MicrosoftCVE-2024-43477HistoryAug 23, 2024 - 2:15 a.m.
CVE-2024-43477
2024-08-2302:15:07
CWE-284
microsoft
web.nvd.nist.gov
30
decentralized identity services
access control
unauthenticated attacker
verifiable id's
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.8%
Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID’s on another tenant.
Affected configurations
Node
microsoftmicrosoft_entra_idMatchn\/a
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | microsoft_entra_id | n/a | cpe:2.3:a:microsoft:microsoft_entra_id:n\/a:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Microsoft Entra",
"cpes": [
"cpe:2.3:a:microsoft:microsoft_entra_id:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "N/A",
"status": "affected"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-43477 Microsoft Entra ID Elevation of Privilege Vulnerability
2024-08-23 01:14:09
mscve
mscve
Microsoft Entra ID Elevation of Privilege Vulnerability
2024-08-22 07:00:00
nvd
nvd
CVE-2024-43477
2024-08-23 02:15:07
kaspersky
kaspersky
KLA71828 PE vulnerability in Microsoft Azure
2024-08-22 00:00:00
cvelist
cvelist
CVE-2024-43477 Microsoft Entra ID Elevation of Privilege Vulnerability
2024-08-23 01:14:09
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
17.8%
Related for CVE-2024-43477