Lucene search
K
MicrosoftEntra Id

9 matches found

CVE
CVE
added 2026/04/23 9:37 p.m.81 views

CVE-2026-35431

CVE-2026-35431 covers a spoofing vulnerability in Microsoft Entra ID Entitlement Management. The entry indicates a remote, network-exploitable flaw with no user interaction, causing high impact to confidentiality, integrity, and availability (S:C, C:H, I:H, A:H). Exploit code maturity is UNPROVEN...

10CVSS5.8AI score0.00511EPSS
CVE
CVE
added 2024/08/23 1:14 a.m.79 views

CVE-2024-43477

CVE-2024-43477 concerns an improper access control flaw in Decentralized Identity Services within Microsoft Entra ID. The vulnerability allows an unauthenticated attacker to disable Verifiable IDs on a different tenant, effectively an elevation of privilege scenario for the affected identity serv...

7.5CVSS7.5AI score0.01043EPSS
CVE
CVE
added 2026/05/22 10:3 p.m.67 views

CVE-2026-33843

CVE-2026-33843 affects Microsoft Azure Active Directory B2C. A authentication bypass via an alternate path or channel could allow an unauthorized attacker to elevate privileges over a network. The CVSSv3.1 base score is 9.1 (CRITICAL) with high impact on confidentiality and integrity, and no user...

9.8CVSS5.8AI score0.00473EPSS
CVE
CVE
added 2025/09/04 11:9 p.m.61 views

CVE-2025-55241

PT-2025-36098 confirms CVE-2025-55241 affects Microsoft Entra ID (formerly Azure Active Directory) and describes the root cause as improper validation of tenant context during token authentication, enabling potential elevation of privileges via actor tokens. The advisory states a critical, networ...

10CVSS6.5AI score0.01549EPSS
CVE
CVE
added 2026/05/22 10:4 p.m.51 views

CVE-2026-42901

CVE-2026-42901 affects Microsoft Entra ID. AOrigin validation error allows an unauthenticated attacker to elevate privileges over a network. Metrics indicate a CRITICAL impact (CVSSv3.1: 10.0, AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) with network-based access, no user interaction, and a changed scope...

10CVSS5.8AI score0.00301EPSS
CVE
CVE
added 2025/10/09 9:4 p.m.43 views

CVE-2025-59246

Concrete details found: CVE-2025-59246 affects Microsoft Entra ID via an internal authentication-bypass in the Entra ID Graph API extension role-synchronization path, enabling remote elevation of privileges (no credentials required). Exploitation described in a GitHub exploit repo confirms unauth...

9.8CVSS6.5AI score0.071EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.41 views

CVE-2026-40379

CVE-2026-40379 is a Microsoft ESTS (Enterprise Security Token Service) spoofing vulnerability impacting Azure services. The connected sources confirm exposure of sensitive information to an unauthorized actor in Azure Entra ID and describe exploitation as network-based spoofing. The CVSS 3.1 scor...

9.3CVSS5.8AI score0.0091EPSS
CVE
CVE
added 2025/10/09 9:4 p.m.34 views

CVE-2025-59218

CVE-2025-59218 affects Microsoft Azure Entra ID. The connected sources identify an Elevation of Privilege vulnerability in Azure Entra ID with a CVSS v3.1 base score of 9.6 (Network attack vector, Low attack complexity, No privileges required, User interaction required; Confidentiality/Integrity ...

9.6CVSS6.5AI score0.00615EPSS
CVE
CVE
added 2026/01/22 10:47 p.m.33 views

CVE-2026-24305

CVE-2026-24305 maps to an Elevation of Privilege vulnerability in Azure Entra ID. Public disclosures in the connected sources indicate a high-impact issue with critical scores (NVD 9.8 overall; MS description 9.3) and a network/vector with no user interaction required. The exact vulnerable compon...

9.8CVSS5.3AI score0.00497EPSS