CVE-2024-49035

Published Nov 26, 2024

Last updated a month ago

CVSS high 8.7

Overview

Description
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
Source
secure@microsoft.com
NVD status
Received
CNA Tags
exclusively-hosted-service

Risk scores

CVSS 3.1

Type
Primary
Base score
8.7
Impact score
5.8
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Severity
HIGH

Weaknesses

secure@microsoft.com
CWE-269

Social media

Hype score
Not currently trending

  1. Microsoft patches 4 critical security flaws, including one exploited in the wild (CVE-2024-49035). Fixes for Power Apps, Copilot Studio, Azure, & Dynamics 365 are available. Update your apps! #Cyber https://t.co/UlmlJ9X7ts

    @TLDRStories

    3 Dec 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Here are some notable updates in information security: Vulnerabilities and Patches - Microsoft addressed critical security flaws in its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already being exploited in the wild. - Palo Alto Networks patched… https://t.

    @johnmstark

    1 Dec 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Alerte ! Microsoft corrige les failles de sécurité dans l'IA, le Cloud et l'ERP, dont une exploitée activement. La vulnérabilité CVE-2024-49035 est évaluée à 8.7 CVSS. Analyse pour les Analystes Sécurité #Cybersecurite #ExploitZeroDay 👉 https://t.co/KTKvSrZsV4

    @CyberAlertFr

    30 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/7GgYxWYC7R

    @ExposinKingfish

    29 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner[.]microsoft[.]com. https://t.co/BFCQ0CXjuD

    @jbhall56

    29 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Microsoft fixed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center, including one that has been exploited in the wild, CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw. https://t.co/90MReKOtwM https

    @riskigy

    29 Nov 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Phishing-as-a-Service e vulnerabilità nei servizi Microsoft Sicurezza Informatica, CVE-2024-49035, FUD, Microsoft, Phishing-as-a-Service, QR phishing, Rockstar 2FA, sicurezza cloud, vulnerabilità https://t.co/PR2PLTu71O https://t.co/z9eOBy900f

    @matricedigitale

    29 Nov 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/ieHHnTJkAb #cybersecurity #infosec

    @TheHackersNews

    29 Nov 2024

    10007 Impressions

    38 Retweets

    62 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  9. 🧐 Exploited: Yes Exploitability assessment:Exploitation Detected CVE-2024-49035 - Security Update Guide - Microsoft - Partner .Microsoft .Com Elevation of Privilege Vulnerability https://t.co/dZj7l2WlmU

    @autumn_good_35

    28 Nov 2024

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. We have just added an important vulnerability affecting Microsoft Partner Center (CVE-2024-49035) https://t.co/CZ7zweRJYI

    @vuldb

    27 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. #securityupdate #microsoft #定例外 2024.11.26 https://t.co/YUP9SxlOAw の特権昇格の脆弱性 CVE-2024-49035 Security Vulnerability リリース日: 2024年11月26日 - マイクロソフト https://t.co/YyoFBhmp1X

    @kawn2020

    27 Nov 2024

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    1 Quote

  12. 🚨 CVE-2024-49035: Critical vuln in Microsoft Partner Center's https://t.co/g05k4Z0wqP leads to privilege management issues. Impact: Potential account takeover. Action: Apply patches immediately once available from Microsoft. #CyberSecurity #PartnerCenter

    @oktsec

    26 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. [CVE-2024-49035: HIGH] An improper access control vulnerability in https://t.co/vxEMYyb8CF allows an a unauthenticated attacker to elevate privileges over a network.#cybersecurity,#vulnerability https://t.co/dj1k1IlXgo https://t.co/hxily87LCX

    @CveFindCom

    26 Nov 2024

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References