VDB

GCVE-110-CLOUD-2022-0032

GCVE-110-CLOUD-2022-0032
Advisory Published
Vulnetix · Advisory published May 9, 2022
Azure Synapse Analytics and Azure Data Factory were vulnerable to cross-tenant access and code execution. This was made possible via a combination of (1) a shell injection RCE vulnerability in the integration runtime, (2) credentials for multiple customers stored on a shared host and (3) an insecure management server API.

Affected Products

VendorProductVersionsPlatforms
AzureSynapse Analytics, Data Factory
AzureSynapse
AzureData Factory

References

Synlapse
advisory
advisory
advisory
advisory

Browse GCVE Records

72,409 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›