GCVE-VVD-NCSC-2024-335

Advisory PublishedCVSS 9.3/10

Vulnetix · Advisory published August 13, 2024

Microsoft heeft kwetsbaarheden verholpen in diverse Azure componenten.

Weaknesses (CWE)

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-20Improper Input ValidationCWE-59Improper Link Resolution Before File Access ('Link Following')CWE-284Improper Access ControlCWE-918Server-Side Request Forgery (SSRF)

Risk Scores

CVSS 3.1

9.3/10

Critical · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

Affected Products

Vendor	Product	Versions	Platforms
microsoft	azure_stack_hub	—	—
microsoft	azure_connected_machine_agent	—	—
microsoft	azure_cyclecloud_8.2.0	—	—
microsoft	azure_cyclecloud_8.0.0	—	—
microsoft	azure_cyclecloud_8.6.0	—	—
microsoft	azure_cyclecloud_8.0.1	—	—
microsoft	azure_cyclecloud_8.0.2	—	—
microsoft	azure_cyclecloud_8.1.0	—	—
microsoft	azure_cyclecloud_8.1.1	—	—
microsoft	azure_cyclecloud_8.2.2	—	—
microsoft	azure_cyclecloud_8.2.1	—	—
microsoft	azure_cyclecloud_8.3.0	—	—
microsoft	azure_cyclecloud_8.4.0	—	—
microsoft	azure_cyclecloud_8.4.1	—	—
microsoft	azure_cyclecloud_8.4.2	—	—
microsoft	azure_cyclecloud_8.5.0	—	—
microsoft	azure_cyclecloud	—	—
microsoft	azure_health_bot	—	—

References

advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON