6 matches found
Azure Service Fabric Explorer Spoofing (Oct 2022)
The Azure Service Fabric installed on the remote host is affected by a spoofing vulnerability. A remote, authenticated attacker can exploit this to compromise confidentiality. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
CVE-2022-35829
creationtimestamp| type| source ---|---|--- 2022-10-19 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2022/10/awareness-and-guidance-related-to-potential-service-fabric-explorer-sfx-v1-web-client-risk/ 2023-01-05 21:55:21+00:00| published-proof-of-concept| https://t.me/RESOLUTEATTACK/316...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges obtain or to impersonate another user. The vulnerability with attribute CVE-2022-37968 has a CVSS of 10.0. If an unauthenticated malicious person uses the randomly generat...
CVE-2022-35829
Service Fabric Explorer Spoofing Vulnerability...
CVE-2022-35829
CVE-2022-35829 is a cross-site scripting (XSS) vulnerability in Microsoft Azure Service Fabric Explorer (SFX). The issue affects older SFX web client versions (SFXv1), allowing a remote attacker to inject scripts and potentially access confidential data. The advisory notes that the vulnerability ...
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability
...