VDB
GCVE-110-CLOUD-2022-0024
GCVE-110-CLOUD-2022-0024
Advisory Published
The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for
privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed.
Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be
created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted
to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Azure | Azure Site Recovery | — | — |
| Azure | Cloud Services | — | — |
Aliases
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.