Microsoft Azure Active Directory
Recent Microsoft Azure Active Directory Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-21381 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | February 13, 2024 |
| CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | July 11, 2023 |
| CVE-2023-36871 | Azure Active Directory Security Feature Bypass Vulnerability | July 11, 2023 |
| CVE-2021-42306 | Azure Active Directory Information Disclosure Vulnerability | November 17, 2021 |
| CVE-2021-36949 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | August 10, 2021 |
By the Year
In 2024 there have been 1 vulnerability in Microsoft Azure Active Directory with an average score of 6.8 out of ten. Azure Active Directory did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 6.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Azure Active Directory vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Azure Active Directory Security Vulnerabilities
Microsoft Azure Active Directory B2C Spoofing Vulnerability
CVE-2024-21381
6.8 - Medium
- February 13, 2024
Microsoft Azure Active Directory B2C Spoofing Vulnerability
<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a>? on an Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (
CVE-2021-42306
8.1 - High
- November 24, 2021
<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="https://docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a>? on an Azure AD <a href="https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p> <p>Azure AD?addressed this vulnerability by preventing disclosure of any private key?values added?to the application.</p> <p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p> <p>For more details on this issue, please refer to the <a href="https://aka.ms/CVE-2021-42306-AAD">MSRC Blog Entry</a>.</p>
Insufficiently Protected Credentials
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Azure Migrate or by Microsoft? Click the Watch button to subscribe.
