Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for azure_service_fabric by microsoft

    CVE-2025-21195 (GCVE-0-2025-21195)

    Vulnerability from nvd – Published: 2025-07-08 16:57 – Updated: 2026-02-13 19:06
    VLAI
    Title
    Azure Service Fabric Runtime Elevation of Privilege Vulnerability
    Summary
    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Service Fabric Affected: 1.0.0 , < 10.1 Cumulative Update 7.0 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21195",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:26:12.089085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:54:21.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Fabric",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.1 Cumulative Update 7.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:azure:service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.1 Cumulative Update 7.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in Service Fabric allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:06:37.177Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21195"
            }
          ],
          "title": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21195",
        "datePublished": "2025-07-08T16:57:01.559Z",
        "dateReserved": "2024-12-05T21:43:30.767Z",
        "dateUpdated": "2026-02-13T19:06:37.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43480 (GCVE-0-2024-43480)

    Vulnerability from nvd – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:27
    VLAI
    Title
    Azure Service Fabric for Linux Remote Code Execution Vulnerability
    Summary
    Azure Service Fabric for Linux Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:56:37.502659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:56:49.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.2498.1",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.2345.1",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.1.2308.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.2498.1",
                      "versionStartIncluding": "9.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.2345.1",
                      "versionStartIncluding": "10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.1.2308.1",
                      "versionStartIncluding": "10.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:27:53.793Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric for Linux Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
            }
          ],
          "title": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43480",
        "datePublished": "2024-10-08T17:35:15.502Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:27:53.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36868 (GCVE-0-2023-36868)

    Vulnerability from nvd – Published: 2023-07-11 17:03 – Updated: 2025-01-01 01:53
    VLAI
    Title
    Azure Service Fabric on Windows Information Disclosure Vulnerability
    Summary
    Azure Service Fabric on Windows Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:05:24.406707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:05:36.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1526.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1799.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1526.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1799.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:53:06.750Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
            }
          ],
          "title": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36868",
        "datePublished": "2023-07-11T17:03:30.593Z",
        "dateReserved": "2023-06-27T20:26:38.144Z",
        "dateUpdated": "2025-01-01T01:53:06.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23383 (GCVE-0-2023-23383)

    Vulnerability from nvd – Published: 2023-03-14 16:55 – Updated: 2025-01-01 00:47
    VLAI
    Title
    Service Fabric Explorer Spoofing Vulnerability
    Summary
    Service Fabric Explorer Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Date Public
    2023-03-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Service Fabric Explorer Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:20:29.849765Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:20:49.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1317.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1583.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Ubuntu",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1388.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1380.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1317.1",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1583.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1388.1",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1380.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-03-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Service Fabric Explorer Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:47:48.246Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Service Fabric Explorer Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
            }
          ],
          "title": "Service Fabric Explorer Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-23383",
        "datePublished": "2023-03-14T16:55:22.269Z",
        "dateReserved": "2023-01-11T22:08:03.134Z",
        "dateUpdated": "2025-01-01T00:47:48.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21531 (GCVE-0-2023-21531)

    Vulnerability from nvd – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35
    VLAI
    Title
    Azure Service Fabric Container Elevation of Privilege Vulnerability
    Summary
    Azure Service Fabric Container Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2023-01-10 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21531",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T17:53:42.498470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T17:53:50.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:44:01.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 8.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.2 CU8",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0 CU5",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1 CU1",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.2 CU8",
                      "versionStartIncluding": "8.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0 CU5",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1 CU1",
                      "versionStartIncluding": "9.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:35:32.483Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
            }
          ],
          "title": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-21531",
        "datePublished": "2023-01-10T00:00:00.000Z",
        "dateReserved": "2022-12-01T00:00:00.000Z",
        "dateUpdated": "2025-01-01T00:35:32.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35829 (GCVE-0-2022-35829)

    Vulnerability from nvd – Published: 2022-10-11 00:00 – Updated: 2025-01-02 21:27
    VLAI
    Title
    Service Fabric Explorer Spoofing Vulnerability
    Summary
    Service Fabric Explorer Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Azure Service Fabric Explorer Affected: 8.1.0.0 , < 8.1.316.9590 (custom)
    Create a notification for this product.
    Date Public
    2022-10-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:44:22.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric Explorer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.1.316.9590",
                  "status": "affected",
                  "version": "8.1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.1.316.9590",
                      "versionStartIncluding": "8.1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-10-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Service Fabric Explorer Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T21:27:06.115Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Service Fabric Explorer Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35829"
            }
          ],
          "title": "Service Fabric Explorer Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-35829",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2022-07-13T00:00:00.000Z",
        "dateUpdated": "2025-01-02T21:27:06.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27075 (GCVE-0-2021-27075)

    Vulnerability from nvd – Published: 2021-03-11 15:50 – Updated: 2024-08-03 20:40
    VLAI
    Title
    Azure Virtual Machine Information Disclosure Vulnerability
    Summary
    Azure Virtual Machine Information Disclosure Vulnerability
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2021-03-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Spring Cloud",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Container Instance",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Kubernetes Service",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Virtual Machine Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T20:08:49.462Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
            }
          ],
          "title": "Azure Virtual Machine Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-27075",
        "datePublished": "2021-03-11T15:50:50.000Z",
        "dateReserved": "2021-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21195 (GCVE-0-2025-21195)

    Vulnerability from cvelistv5 – Published: 2025-07-08 16:57 – Updated: 2026-02-13 19:06
    VLAI
    Title
    Azure Service Fabric Runtime Elevation of Privilege Vulnerability
    Summary
    Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-59 - Improper Link Resolution Before File Access ('Link Following')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Service Fabric Affected: 1.0.0 , < 10.1 Cumulative Update 7.0 (custom)
    Create a notification for this product.
    Date Public
    2025-07-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21195",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T19:26:12.089085Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T19:54:21.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Service Fabric",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.1 Cumulative Update 7.0",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:azure:service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.1 Cumulative Update 7.0",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-07-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper link resolution before file access (\u0027link following\u0027) in Service Fabric allows an authorized attacker to elevate privileges locally."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-59",
                  "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:06:37.177Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21195"
            }
          ],
          "title": "Azure Service Fabric Runtime Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21195",
        "datePublished": "2025-07-08T16:57:01.559Z",
        "dateReserved": "2024-12-05T21:43:30.767Z",
        "dateUpdated": "2026-02-13T19:06:37.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-43480 (GCVE-0-2024-43480)

    Vulnerability from cvelistv5 – Published: 2024-10-08 17:35 – Updated: 2026-06-09 18:27
    VLAI
    Title
    Azure Service Fabric for Linux Remote Code Execution Vulnerability
    Summary
    Azure Service Fabric for Linux Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Date Public
    2024-10-08 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-43480",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:56:37.502659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:56:49.232Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.2498.1",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.2345.1",
                  "status": "affected",
                  "version": "10.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Azure Service Fabric for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.1.2308.1",
                  "status": "affected",
                  "version": "10.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.2498.1",
                      "versionStartIncluding": "9.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.2345.1",
                      "versionStartIncluding": "10.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.1.2308.1",
                      "versionStartIncluding": "10.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-10-08T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T18:27:53.793Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric for Linux Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43480"
            }
          ],
          "title": "Azure Service Fabric for Linux Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-43480",
        "datePublished": "2024-10-08T17:35:15.502Z",
        "dateReserved": "2024-08-14T01:08:33.518Z",
        "dateUpdated": "2026-06-09T18:27:53.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36868 (GCVE-0-2023-36868)

    Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2025-01-01 01:53
    VLAI
    Title
    Azure Service Fabric on Windows Information Disclosure Vulnerability
    Summary
    Azure Service Fabric on Windows Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36868",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:05:24.406707Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:05:36.602Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.680Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1526.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1799.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1526.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1799.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:53:06.750Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric on Windows Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36868"
            }
          ],
          "title": "Azure Service Fabric on Windows Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36868",
        "datePublished": "2023-07-11T17:03:30.593Z",
        "dateReserved": "2023-06-27T20:26:38.144Z",
        "dateUpdated": "2025-01-01T01:53:06.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23383 (GCVE-0-2023-23383)

    Vulnerability from cvelistv5 – Published: 2023-03-14 16:55 – Updated: 2025-01-01 00:47
    VLAI
    Title
    Service Fabric Explorer Spoofing Vulnerability
    Summary
    Service Fabric Explorer Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Date Public
    2023-03-14 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:28:40.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Service Fabric Explorer Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23383",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-08T18:20:29.849765Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-08T18:20:49.753Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1317.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1583.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1 for Ubuntu",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1.1388.1",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Windows",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0.1380.9590",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1317.1",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1583.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1.1388.1",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0.1380.9590",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-03-14T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Service Fabric Explorer Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:47:48.246Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Service Fabric Explorer Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23383"
            }
          ],
          "title": "Service Fabric Explorer Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-23383",
        "datePublished": "2023-03-14T16:55:22.269Z",
        "dateReserved": "2023-01-11T22:08:03.134Z",
        "dateUpdated": "2025-01-01T00:47:48.246Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-21531 (GCVE-0-2023-21531)

    Vulnerability from cvelistv5 – Published: 2023-01-10 00:00 – Updated: 2025-01-01 00:35
    VLAI
    Title
    Azure Service Fabric Container Elevation of Privilege Vulnerability
    Summary
    Azure Service Fabric Container Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Date Public
    2023-01-10 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-21531",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-03T17:53:42.498470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-03T17:53:50.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:44:01.282Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 8.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.2 CU8",
                  "status": "affected",
                  "version": "8.2",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.0 for Linux",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.0 CU5",
                  "status": "affected",
                  "version": "9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric 9.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "9.1 CU1",
                  "status": "affected",
                  "version": "9.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.2 CU8",
                      "versionStartIncluding": "8.2",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.0 CU5",
                      "versionStartIncluding": "9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "9.1 CU1",
                      "versionStartIncluding": "9.1",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-01-10T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T00:35:32.483Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Azure Service Fabric Container Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21531"
            }
          ],
          "title": "Azure Service Fabric Container Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-21531",
        "datePublished": "2023-01-10T00:00:00.000Z",
        "dateReserved": "2022-12-01T00:00:00.000Z",
        "dateUpdated": "2025-01-01T00:35:32.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-35829 (GCVE-0-2022-35829)

    Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-01-02 21:27
    VLAI
    Title
    Service Fabric Explorer Spoofing Vulnerability
    Summary
    Service Fabric Explorer Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Azure Service Fabric Explorer Affected: 8.1.0.0 , < 8.1.316.9590 (custom)
    Create a notification for this product.
    Date Public
    2022-10-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:44:22.080Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35829"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric Explorer",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.1.316.9590",
                  "status": "affected",
                  "version": "8.1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:azure_service_fabric:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "8.1.316.9590",
                      "versionStartIncluding": "8.1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-10-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Service Fabric Explorer Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-02T21:27:06.115Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Service Fabric Explorer Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35829"
            }
          ],
          "title": "Service Fabric Explorer Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-35829",
        "datePublished": "2022-10-11T00:00:00.000Z",
        "dateReserved": "2022-07-13T00:00:00.000Z",
        "dateUpdated": "2025-01-02T21:27:06.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-27075 (GCVE-0-2021-27075)

    Vulnerability from cvelistv5 – Published: 2021-03-11 15:50 – Updated: 2024-08-03 20:40
    VLAI
    Title
    Azure Virtual Machine Information Disclosure Vulnerability
    Summary
    Azure Virtual Machine Information Disclosure Vulnerability
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Date Public
    2021-03-09 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:40:47.025Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Service Fabric",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Spring Cloud",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Container Instance",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "N/A"
                }
              ]
            },
            {
              "cpes": [
                "cpe:2.3:a:microsoft:azure_kubernetes_service:-:*:*:*:*:*:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Azure Kubernetes Service",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "publication",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-09T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Azure Virtual Machine Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-29T20:08:49.462Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27075"
            }
          ],
          "title": "Azure Virtual Machine Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-27075",
        "datePublished": "2021-03-11T15:50:50.000Z",
        "dateReserved": "2021-02-10T00:00:00.000Z",
        "dateUpdated": "2024-08-03T20:40:47.025Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }