CVE-2024-49035: Partner.Microsoft.Com Elevation of Privilege Vulnerability

8.7 CVSS

Description

An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

🚨 Marked as known exploited on February 25th, 2025 (about 2 months ago).

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector:

Vendor: Microsoft

Product: Microsoft Partner Center

EPSS Score: 0.19% (probability of being exploited)

EPSS Percentile: 56.99% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

2024-11-27 14:42:01 UTC
CVE

Partner.Microsoft.Com Elevation of Privilege Vulnerability
2025-02-25 16:15:14 UTC
CISA KEV

Microsoft Partner Center Improper Access Control Vulnerability
2025-02-25 16:15:41 UTC
🚨 Marked as Known Exploited
2025-02-25 16:45:22 UTC
All CISA Advisories

CISA Adds Two Known Exploited Vulnerabilities to Catalog
2025-02-26 05:15:22 UTC
TheHackerNews

CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation