8 matches found
CVE-2023-23382
CVE-2023-23382 affects Azure Machine Learning Compute Instance. Multiple sources describe an information-disclosure vulnerability in the Compute Instance that can be exploited remotely to access sensitive data. CVSSv3 base score is 6.5 (MEDIUM) with network access, low attack complexity and low p...
CVE-2023-28312
CVE-2023-28312 affects Azure Machine Learning. It is an information-disclosure vulnerability in the Azure Machine Learning component that can allow an attacker located in the same secured network (attack vector: adjacent) to access system logs or sensitive data. The CVSSv3.1 base score is 6.5 (ME...
CVE-2025-30390
CVE-2025-30390 affects Microsoft Azure Machine Learning Compute. Described as an improper authorization vulnerability that enables an authorized attacker to elevate privileges over a network. Root cause is improper authorization in Azure; impact is privilege escalation (high/critical). Exploitati...
CVE-2025-49747
CVE-2025-49747 is a privilege-escalation vulnerability affecting Microsoft Azure Machine Learning reported as missing authorization. Affected component: Azure Machine Learning (machine learning services platform). Root cause per description: insufficient access control that allows an authorized a...
CVE-2025-49746
CVE-2025-49746 affects Microsoft Azure Machine Learning. The vulnerability is caused by improper authorization, enabling an attacker with network access to escalate privileges within the affected service. Documented impact is privilege escalation with high confidentiality, integrity, and availabi...
CVE-2025-47995
Azure Machine Learning is identified in CVE-2025-47995 as having weak authentication that enables a network-based privilege escalation by an authorized attacker. The entry derives from Microsoft/Red Hat and multiple security sources, describing the vulnerability as affecting Microsoft Azure Machi...
CVE-2026-33833
Azure Machine Learning is affected where the issue occurs in the downstream component’s output handling, described as an improper neutralization of special elements that enables network spoofing. The CVE-2026-33833 entry notes an attacker could exploit this via a network vector with no user inter...
CVE-2026-32207
CVE-2026-32207 concerns an XSS vulnerability in Azure Machine Learning Notebook/Notebook UI where improper neutralization of input during web page generation enables an unauthenticated attacker to spoof content over the network. Underlying cause: improper sanitization of user-controlled input in ...