CVE-2024-49035

Partner.Microsoft.Com Elevation of Privilege Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: October 11, 2024
Published Date: November 26, 2024
Last Updated: February 26, 2025
Vendor: Microsoft
Product: Microsoft Partner Center
Description: An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.

CVSS Scores

CVSS v3.1

8.7 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (added 2025-02-25 00:00:00 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-02-25 00:00:00 UTC