VDB

GCVE-110-CLOUD-2024-0025

GCVE-110-CLOUD-2024-0025
Advisory Published
Vulnetix · Advisory published August 7, 2024
Semperis researchers discovered vulnerabilities in Microsoft applications that allowed privilege elevation in Entra ID beyond expected authorization controls. The most severe finding enabled adding users to privileged roles, including Global Administrator, without proper permissions. The issues affected Device Registration Service, Viva Engage, and Microsoft Rights Management Service. Microsoft has since resolved the vulnerabilities.

Affected Products

VendorProductVersionsPlatforms
AzureEntra ID, Device Registration Service, Viva Engage, Microsoft Rights Management Service
AzureEntra

References

advisory

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›