Azure App Service On Azure Stack
CVE-2023-21777
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Lifecycle Timeline
1DescriptionNVD
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
AnalysisAI
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-284. Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability Affected products include: Microsoft Azure App Service On Azure Stack.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length o
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclo
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today