AI description
CVE-2024-49035 is an improper access control vulnerability found in Microsoft Partner Center (partner.microsoft.com). This flaw allows unauthenticated attackers to gain elevated privileges over a network. The vulnerability was disclosed by Microsoft in November 2024. Microsoft credited Gautam Peri, Apoorv Wadhwa, and an anonymous researcher for reporting the vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog, indicating it has been observed being actively exploited in the wild.
- Description: An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
- CNA Tags: exclusively-hosted-service
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Microsoft Partner Center Improper Access Control Vulnerability
- Exploit added on: Feb 25, 2025
- Exploit action due: Mar 18, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-269
- nvd@nist.gov: NVD-CWE-Other
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 13
🚨 Security Alert: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft's Partner Center (CVE-2024-49035) to its Known Exploited Vulnerabilities Catalog, citing active exploitation.
@allnewsjack
27 Feb 2025
48 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-49035 #Microsoft Partner Center Improper Access Control Vulnerability https://t.co/7gRaVEBjse
@ScyScan
26 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Microsoft Partner Center Privilege Escalation Vulnerability 📅 Timeline: Disclosed: 2024-11-01, Patched: November 2024 📌 Attribution: CISA confirmed active exploitation 🆔 CVE ID: CVE-2024-49035 📊 Base Score: 9.8 📏 CVSS Metrics:… https://t.co/
@syedaquib77
26 Feb 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-49035
@transilienceai
26 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: ‼️ #Microsoft: active exploitation in the wild detected for vulnerability CVE-2024-49035 – already fixed by the vendor – affecting the product #MicrosoftPartnerCenter Risk: 🟠 Type: 🔸 Elevation of Privilege 🔗 https://t.co/pl4YPcJh9B 🔄 … https://t.co/O9etfvly4q
@Vulcanux_
26 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE Alert: Microsoft Partner Center Improper Access Control Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-49035 (8.7/10) Microsoft Partner Center Improper Access Control Vulnerability Impact A Successful exploit may allow an unauthenticated attacker
@CyberxtronTech
26 Feb 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—both actively exploited. Hook: Microsoft Partner Center’s CVE-2024-49035 and Synacor ZCS’s CVE-2023-34192 are putting organizations at risk. Read the full article:… https://
@TheHackersNews
26 Feb 2025
34078 Impressions
31 Retweets
89 Likes
11 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-49035
@transilienceai
26 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Microsoft patches 4 critical security flaws, including one exploited in the wild (CVE-2024-49035). Fixes for Power Apps, Copilot Studio, Azure, & Dynamics 365 are available. Update your apps! #Cyber https://t.co/UlmlJ9X7ts
@TLDRStories
3 Dec 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Here are some notable updates in information security: Vulnerabilities and Patches - Microsoft addressed critical security flaws in its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already being exploited in the wild. - Palo Alto Networks patched… https://t.
@johnmstark
1 Dec 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Alert! Microsoft fixes security flaws in AI, Cloud and ERP, including one that is actively exploited. The vulnerability CVE-2024-49035 is rated 8.7 CVSS. Analysis for Security Analysts #Cybersecurite #ExploitZeroDay 👉 https://t.co/KTKvSrZsV4
@CyberAlertFr
30 Nov 2024
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/7GgYxWYC7R
@ExposinKingfish
29 Nov 2024
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner[.]microsoft[.]com. https://t.co/BFCQ0CXjuD
@jbhall56
29 Nov 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft fixed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center, including one that has been exploited in the wild, CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw. https://t.co/90MReKOtwM https
@riskigy
29 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Phishing-as-a-Service and vulnerabilities in Microsoft services Cybersecurity, CVE-2024-49035, FUD, Microsoft, Phishing-as-a-Service, QR phishing, Rockstar 2FA, cloud security, vulnerabilities https://t.co/PR2PLTu71O https://t.co/z9eOBy900f
@matricedigitale
29 Nov 2024
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/ieHHnTJkAb #cybersecurity #infosec
@TheHackersNews
29 Nov 2024
10007 Impressions
38 Retweets
62 Likes
8 Bookmarks
1 Reply
0 Quotes
🧐 Exploited: Yes Exploitability assessment: Exploitation Detected CVE-2024-49035 - Security Update Guide - Microsoft - Partner .Microsoft .Com Elevation of Privilege Vulnerability https://t.co/dZj7l2WlmU
@autumn_good_35
28 Nov 2024
106 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We have just added an important vulnerability affecting Microsoft Partner Center (CVE-2024-49035) https://t.co/CZ7zweRJYI
@vuldb
27 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#securityupdate #microsoft #定例外 2024.11.26 https://t.co/YUP9SxlOAw Elevation of Privilege Vulnerability CVE-2024-49035 Security Vulnerability Release date: November 26, 2024 - Microsoft https://t.co/YyoFBhmp1X
@kawn2020
27 Nov 2024
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
🚨 CVE-2024-49035: Critical vuln in Microsoft Partner Center's https://t.co/g05k4Z0wqP leads to privilege management issues. Impact: Potential account takeover. Action: Apply patches immediately once available from Microsoft. #CyberSecurity #PartnerCenter
@oktsec
26 Nov 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-49035: HIGH] An improper access control vulnerability in https://t.co/vxEMYyb8CF allows an unauthenticated attacker to elevate privileges over a network. #cybersecurity, #vulnerability https://t.co/dj1k1IlXgo https://t.co/hxily87LCX
@CveFindCom
26 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:partner_center:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A400A527-15CD-4F9D-A42D-A453ABE04769"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]