Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Link | Tags |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49052 | vendor advisory |