Lucene search

Kaspersky LabKLA50322

HistoryJun 13, 2023 - 12:00 a.m.

KLA50322 Multiple vulnerabilities in Microsoft Azure

2023-06-1300:00:00

Kaspersky Lab

threats.kaspersky.com

spoofing

microsoft azure

devops server

high severity

windows update

sui

cve-2023-21565

cve-2023-21569

kaspersky

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

A spoofing vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to spoof user interface.

Original advisories

CVE-2023-21569

CVE-2023-21565

Related products

Microsoft-Azure

CVE list

CVE-2023-21565 high

CVE-2023-21569 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

Azure DevOps Server 2022.0.1Azure DevOps Server 2022

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Azure/

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

47.0%

JSON

Related for KLA50322