VDB
GCVE-110-CLOUD-2022-0001
GCVE-110-CLOUD-2022-0001
Advisory Published
Azure Cognitive Search (ACS) is a full-text search engine service.
A new non-default feature allowed for a network control to bypassed, permitting an attacker to submit search queries to any other tenant's network-isolated ACS instance. However, abusing this required a valid API key
to access the data plane of the target, along with a number of pieces of information about the target environment (such as the subscription ID and the name of the index to query).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Cognitive Search | — | — |
| Azure | Cloud Services | — | — |
Browse GCVE Records
73,734 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.