Microsoft Vulnerabilities
Comprehensive security vulnerability database for Microsoft products
6
0
6
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2023-38188 | 4.5 | This vulnerability allows an attacker to impersonate a legitimate user in Azure HDInsight, potentially gaining unauthorized access to sensitive data or resources. To exploit this flaw, the attacker must be able to send specially crafted requests to the system, which requires some level of access to the network where HDInsight is deployed. | microsoftazure hdinsight | Theoretical | over 2 years agoAug 8, 2023 |
| CVE-2023-36881 | 4.5 | This vulnerability allows an attacker to impersonate a legitimate user in Azure HDInsight, potentially gaining unauthorized access to sensitive data and resources. To exploit this, the attacker must already have access to the network where the Azure service is running. | microsoftazure hdinsight | Theoretical | over 2 years agoAug 8, 2023 |
| CVE-2023-36877 | 4.5 | This vulnerability allows an attacker to impersonate a legitimate user in Azure HDInsight's Apache Oozie service, potentially leading to unauthorized access to sensitive data or operations. To exploit this, the attacker must have network access to the affected service and be able to send specially crafted requests. | microsoftazure hdinsight | Exploit Available | over 2 years agoAug 8, 2023 |
| CVE-2023-35394 | 4.6 | This vulnerability allows an attacker to spoof a Jupyter Notebook in Azure HDInsight, potentially misleading users into executing malicious code. To exploit this, the attacker must have access to the same network or environment where the vulnerable service is running. | microsoftazure hdinsight | Exploit Available | over 2 years agoAug 8, 2023 |
| CVE-2023-35393 | 4.5 | This vulnerability allows an attacker to impersonate a legitimate user in Azure HDInsight, potentially gaining unauthorized access to sensitive data or resources. To exploit this flaw, the attacker must have network access to the affected system and be able to send specially crafted requests. | microsoftazure hdinsight | Theoretical | over 2 years agoAug 8, 2023 |
| CVE-2023-23408 | 4.5 | This vulnerability allows an attacker to impersonate a legitimate user within Azure HDInsight, potentially gaining unauthorized access to sensitive information or control over the system. To exploit this, the attacker must be able to send specially crafted requests to the Apache Ambari service, which manages the cluster. | microsoftazure hdinsight | Exploit Available | almost 3 years agoMar 14, 2023 |
About Microsoft Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Microsoft products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.