Search criteria
14 vulnerabilities found for azure_service_fabric by microsoft
CVE-2025-21195 (GCVE-0-2025-21195)
Vulnerability from nvd – Published: 2025-07-08 16:57 – Updated: 2026-02-13 19:06
VLAI
Title
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Service Fabric |
Affected:
1.0.0 , < 10.1 Cumulative Update 7.0
(custom)
|
Date Public
2025-07-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T19:26:12.089085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T19:54:21.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Service Fabric",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1 Cumulative Update 7.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azure:service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1 Cumulative Update 7.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Service Fabric allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:06:37.177Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21195"
}
],
"title": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21195",
"datePublished": "2025-07-08T16:57:01.559Z",
"dateReserved": "2024-12-05T21:43:30.767Z",
"dateUpdated": "2026-02-13T19:06:37.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43480 (GCVE-0-2024-43480)
Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2025-07-08 15:38
VLAI
Title
Azure Service Fabric for Linux Remote Code Execution Vulnerability
Summary
Azure Service Fabric for Linux Remote Code Execution Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric for Linux |
Affected:
9.1 , < 9.1.2498.1
(custom)
|
|
| Microsoft | Azure Service Fabric for Linux |
Affected:
10.0 , < 10.0.2345.1
(custom)
|
|
| Microsoft | Azure Service Fabric for Linux |
Affected:
10.1 , < 10.1.2308.1
(custom)
|
Date Public
2024-10-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:56:37.502659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:56:49.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.2498.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.2345.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.2308.1",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.2498.1",
"versionStartIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.2345.1",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.2308.1",
"versionStartIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-10-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:38:24.270Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric for Linux Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
}
],
"title": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43480",
"datePublished": "2024-10-08T17:35:15.502Z",
"dateReserved": "2024-08-14T01:08:33.518Z",
"dateUpdated": "2025-07-08T15:38:24.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36868 (GCVE-0-2023-36868)
Vulnerability from nvd – Published: 2023-07-11 17:03 – Updated: 2025-01-01 01:53
VLAI
Title
Azure Service Fabric on Windows Information Disclosure Vulnerability
Summary
Azure Service Fabric on Windows Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 9.0 for Windows |
Affected:
9.0 , < 9.0.1526.9590
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Windows |
Affected:
9.0 , < 9.1.1799.9590
(custom)
|
Date Public
2023-07-11 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:05:24.406707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:05:36.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1526.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1799.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1526.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1799.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:53:06.750Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
}
],
"title": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36868",
"datePublished": "2023-07-11T17:03:30.593Z",
"dateReserved": "2023-06-27T20:26:38.144Z",
"dateUpdated": "2025-01-01T01:53:06.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23383 (GCVE-0-2023-23383)
Vulnerability from nvd – Published: 2023-03-14 16:55 – Updated: 2025-01-01 00:47
VLAI
Title
Service Fabric Explorer Spoofing Vulnerability
Summary
Service Fabric Explorer Spoofing Vulnerability
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 9.0 for Linux |
Affected:
9.0 , < 9.0.1317.1
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Windows |
Affected:
9.0 , < 9.1.1583.9590
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Ubuntu |
Affected:
9.0 , < 9.1.1388.1
(custom)
|
|
| Microsoft | Azure Service Fabric 9.0 for Windows |
Affected:
9.0 , < 9.0.1380.9590
(custom)
|
Date Public
2023-03-14 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:20:29.849765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:20:49.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1317.1",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1583.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Ubuntu",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1388.1",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1380.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1317.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1583.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1388.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1380.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-03-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Service Fabric Explorer Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:47:48.246Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
}
],
"title": "Service Fabric Explorer Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-23383",
"datePublished": "2023-03-14T16:55:22.269Z",
"dateReserved": "2023-01-11T22:08:03.134Z",
"dateUpdated": "2025-01-01T00:47:48.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21531 (GCVE-0-2023-21531)
Vulnerability from nvd – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35
VLAI
Title
Azure Service Fabric Container Elevation of Privilege Vulnerability
Summary
Azure Service Fabric Container Elevation of Privilege Vulnerability
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 8.2 |
Affected:
8.2 , < 8.2 CU8
(custom)
|
|
| Microsoft | Azure Service Fabric 9.0 for Linux |
Affected:
9.0 , < 9.0 CU5
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 |
Affected:
9.1 , < 9.1 CU1
(custom)
|
Date Public
2023-01-10 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:53:42.498470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:53:50.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 8.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.2 CU8",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0 CU5",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1 CU1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2 CU8",
"versionStartIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0 CU5",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1 CU1",
"versionStartIncluding": "9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:35:32.483Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
}
],
"title": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21531",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-01-01T00:35:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35829 (GCVE-0-2022-35829)
Vulnerability from nvd – Published: 2022-10-11 00:00 – Updated: 2025-01-02 21:27
VLAI
Title
Service Fabric Explorer Spoofing Vulnerability
Summary
Service Fabric Explorer Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric Explorer |
Affected:
8.1.0.0 , < 8.1.316.9590
(custom)
|
Date Public
2022-10-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric Explorer",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.1.316.9590",
"status": "affected",
"version": "8.1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.316.9590",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-10-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Service Fabric Explorer Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:27:06.115Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35829"
}
],
"title": "Service Fabric Explorer Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35829",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-07-13T00:00:00.000Z",
"dateUpdated": "2025-01-02T21:27:06.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27075 (GCVE-0-2021-27075)
Vulnerability from nvd – Published: 2021-03-11 15:50 – Updated: 2024-08-03 20:40
VLAI
Title
Azure Virtual Machine Information Disclosure Vulnerability
Summary
Azure Virtual Machine Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric |
Affected:
N/A
|
|
| Microsoft | Azure Spring Cloud |
Affected:
N/A
|
|
| Microsoft | Azure Container Instance |
Affected:
N/A
|
|
| Microsoft | Azure Kubernetes Service |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:* |
Date Public
2021-03-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Spring Cloud",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Container Instance",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Kubernetes Service",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Virtual Machine Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T20:08:49.462Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
}
],
"title": "Azure Virtual Machine Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27075",
"datePublished": "2021-03-11T15:50:50.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-21195 (GCVE-0-2025-21195)
Vulnerability from cvelistv5 – Published: 2025-07-08 16:57 – Updated: 2026-02-13 19:06
VLAI
Title
Azure Service Fabric Runtime Elevation of Privilege Vulnerability
Summary
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Service Fabric |
Affected:
1.0.0 , < 10.1 Cumulative Update 7.0
(custom)
|
Date Public
2025-07-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T19:26:12.089085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T19:54:21.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Service Fabric",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1 Cumulative Update 7.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:azure:service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1 Cumulative Update 7.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-07-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper link resolution before file access (\u0027link following\u0027) in Service Fabric allows an authorized attacker to elevate privileges locally."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:06:37.177Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21195"
}
],
"title": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21195",
"datePublished": "2025-07-08T16:57:01.559Z",
"dateReserved": "2024-12-05T21:43:30.767Z",
"dateUpdated": "2026-02-13T19:06:37.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43480 (GCVE-0-2024-43480)
Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2025-07-08 15:38
VLAI
Title
Azure Service Fabric for Linux Remote Code Execution Vulnerability
Summary
Azure Service Fabric for Linux Remote Code Execution Vulnerability
Severity
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric for Linux |
Affected:
9.1 , < 9.1.2498.1
(custom)
|
|
| Microsoft | Azure Service Fabric for Linux |
Affected:
10.0 , < 10.0.2345.1
(custom)
|
|
| Microsoft | Azure Service Fabric for Linux |
Affected:
10.1 , < 10.1.2308.1
(custom)
|
Date Public
2024-10-08 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:56:37.502659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:56:49.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.2498.1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.2345.1",
"status": "affected",
"version": "10.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.1.2308.1",
"status": "affected",
"version": "10.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1.2498.1",
"versionStartIncluding": "9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.2345.1",
"versionStartIncluding": "10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.2308.1",
"versionStartIncluding": "10.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-10-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:38:24.270Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric for Linux Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
}
],
"title": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43480",
"datePublished": "2024-10-08T17:35:15.502Z",
"dateReserved": "2024-08-14T01:08:33.518Z",
"dateUpdated": "2025-07-08T15:38:24.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36868 (GCVE-0-2023-36868)
Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-01-01 01:53
VLAI
Title
Azure Service Fabric on Windows Information Disclosure Vulnerability
Summary
Azure Service Fabric on Windows Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 9.0 for Windows |
Affected:
9.0 , < 9.0.1526.9590
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Windows |
Affected:
9.0 , < 9.1.1799.9590
(custom)
|
Date Public
2023-07-11 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36868",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:05:24.406707Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:05:36.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1526.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1799.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1526.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1799.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-07-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:53:06.750Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
}
],
"title": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-36868",
"datePublished": "2023-07-11T17:03:30.593Z",
"dateReserved": "2023-06-27T20:26:38.144Z",
"dateUpdated": "2025-01-01T01:53:06.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23383 (GCVE-0-2023-23383)
Vulnerability from cvelistv5 – Published: 2023-03-14 16:55 – Updated: 2025-01-01 00:47
VLAI
Title
Service Fabric Explorer Spoofing Vulnerability
Summary
Service Fabric Explorer Spoofing Vulnerability
Severity
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 9.0 for Linux |
Affected:
9.0 , < 9.0.1317.1
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Windows |
Affected:
9.0 , < 9.1.1583.9590
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 for Ubuntu |
Affected:
9.0 , < 9.1.1388.1
(custom)
|
|
| Microsoft | Azure Service Fabric 9.0 for Windows |
Affected:
9.0 , < 9.0.1380.9590
(custom)
|
Date Public
2023-03-14 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:40.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:20:29.849765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T18:20:49.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1317.1",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1583.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1 for Ubuntu",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1.1388.1",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0.1380.9590",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1317.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1583.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
"versionEndExcluding": "9.1.1388.1",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0.1380.9590",
"versionStartIncluding": "9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-03-14T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Service Fabric Explorer Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:47:48.246Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
}
],
"title": "Service Fabric Explorer Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-23383",
"datePublished": "2023-03-14T16:55:22.269Z",
"dateReserved": "2023-01-11T22:08:03.134Z",
"dateUpdated": "2025-01-01T00:47:48.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21531 (GCVE-0-2023-21531)
Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35
VLAI
Title
Azure Service Fabric Container Elevation of Privilege Vulnerability
Summary
Azure Service Fabric Container Elevation of Privilege Vulnerability
Severity
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric 8.2 |
Affected:
8.2 , < 8.2 CU8
(custom)
|
|
| Microsoft | Azure Service Fabric 9.0 for Linux |
Affected:
9.0 , < 9.0 CU5
(custom)
|
|
| Microsoft | Azure Service Fabric 9.1 |
Affected:
9.1 , < 9.1 CU1
(custom)
|
Date Public
2023-01-10 08:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T17:53:42.498470Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T17:53:50.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 8.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.2 CU8",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.0 for Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.0 CU5",
"status": "affected",
"version": "9.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric 9.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "9.1 CU1",
"status": "affected",
"version": "9.1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2 CU8",
"versionStartIncluding": "8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0 CU5",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.1 CU1",
"versionStartIncluding": "9.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:35:32.483Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
}
],
"title": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21531",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-01T00:00:00.000Z",
"dateUpdated": "2025-01-01T00:35:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35829 (GCVE-0-2022-35829)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-01-02 21:27
VLAI
Title
Service Fabric Explorer Spoofing Vulnerability
Summary
Service Fabric Explorer Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric Explorer |
Affected:
8.1.0.0 , < 8.1.316.9590
(custom)
|
Date Public
2022-10-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric Explorer",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.1.316.9590",
"status": "affected",
"version": "8.1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1.316.9590",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-10-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Service Fabric Explorer Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:27:06.115Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Service Fabric Explorer Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35829"
}
],
"title": "Service Fabric Explorer Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-35829",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-07-13T00:00:00.000Z",
"dateUpdated": "2025-01-02T21:27:06.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27075 (GCVE-0-2021-27075)
Vulnerability from cvelistv5 – Published: 2021-03-11 15:50 – Updated: 2024-08-03 20:40
VLAI
Title
Azure Virtual Machine Information Disclosure Vulnerability
Summary
Azure Virtual Machine Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Azure Service Fabric |
Affected:
N/A
|
|
| Microsoft | Azure Spring Cloud |
Affected:
N/A
|
|
| Microsoft | Azure Container Instance |
Affected:
N/A
|
|
| Microsoft | Azure Kubernetes Service |
Affected:
1.0 , < publication
(custom)
cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:* |
Date Public
2021-03-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:40:47.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Service Fabric",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Spring Cloud",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [],
"platforms": [
"Unknown"
],
"product": "Azure Container Instance",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Azure Kubernetes Service",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Azure Virtual Machine Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T20:08:49.462Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
}
],
"title": "Azure Virtual Machine Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-27075",
"datePublished": "2021-03-11T15:50:50.000Z",
"dateReserved": "2021-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:40:47.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}