7 matches found
CVE-2023-23383
CVE-2023-23383 is a spoofing vulnerability affecting Azure Service Fabric Explorer (SFX). Public materials describe a remote, unauthenticated chain enabling spoofed UI and, in a detailed exploit write-up, remote code execution via an XSS chain in SFX 9.1.1436.9590 and earlier. Affected product/ve...
CVE-2023-21531
CVE-2023-21531 is an elevation-of-privilege vulnerability affecting Azure Service Fabric Container . Reports indicate the issue enables a local attacker with low privileges to gain higher privileges within the affected Service Fabric Container, with a CVSS v3.1 base score of 7.0 (High) and impact...
CVE-2022-35829
CVE-2022-35829 is a cross-site scripting (XSS) vulnerability in Microsoft Azure Service Fabric Explorer (SFX). The issue affects older SFX web client versions (SFXv1), allowing a remote attacker to inject scripts and potentially access confidential data. The advisory notes that the vulnerability ...
CVE-2023-36868
Azure Service Fabric on Windows (Azure Service Fabric 9.0 and 9.1 for Windows) is affected by CVE-2023-36868, described as an information-disclosure vulnerability that could allow an attacker to obtain sensitive data. The CVSS base score is 6.5 (Medium) with adjacent attack vector, low complexity...
CVE-2021-27075
CVE-2021-27075 is an Azure information-disclosure vulnerability affecting Azure Virtual Machines across multiple Azure services (e.g., Azure Spring Cloud, AKS, Container Instance, Service Fabric). The underlying root cause is described as an information disclosure flaw allowing access to sensitiv...
CVE-2024-43480
CVE-2024-43480 affects Azure Service Fabric for Linux. Connected docs indicate a remote code execution vulnerability, with a possible root cause described as a buffer overflow in dynamic memory (per PT-2024-6744). CVSSv3 base score is 6.6 (MEDIUM) with network access, high attack complexity and h...
CVE-2025-21195
CVE-2025-21195 refers to an elevation-of-privilege flaw in Azure Service Fabric Runtime caused by improper link resolution before file access (link following). The vulnerability enables a locally authenticated attacker to elevate privileges on affected Service Fabric components. Connected sources...