Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
msrcMicrosoft Security Response CenterMSRC:B00D3A19A9D056B76528B067E65DF694
HistoryOct 19, 2022 - 7:00 a.m.

Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk

2022-10-1907:00:00
Microsoft Security Response Center
msrc.microsoft.com
6
microsoft
cross-site scripting
sfxv1

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

JSON

Summary Microsoft was recently made aware of a Cross-Site Scripting (XSS) vulnerability (CVE-2022-35829), that under limited circumstances, affects older versions of Service Fabric Explorer (SFX). The current default SFX web client (SFXv2) is not vulnerable to this attack. However, customers can manually switch from the default web client (SFXv2) to an older vulnerable SFX web client version (SFXv1).

Related

prion 1
checkpoint_advisories 1
nessus 1
mscve 1
cvelist 1
nvd 1
msrc 2
thn 2
cve 1
kaspersky 1
rapid7blog 1
prion
prion
Spoofing
2022-10-11 19:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft Azure Service Fabric Explorer Cross Site Scripting (CVE-2022-35829)
2022-10-27 00:00:00
nessus
nessus
Azure Service Fabric Explorer Spoofing (Oct 2022)
2022-10-26 00:00:00
mscve
mscve
Service Fabric Explorer Spoofing Vulnerability
2022-10-11 07:00:00
cvelist
cvelist
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability
2022-10-11 00:00:00
nvd
nvd
CVE-2022-35829
2022-10-11 19:15:11
msrc
msrc
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk
2022-10-19 13:01:00
Awareness and guidance related to potential Service Fabric Explorer (SFX) v1 web client risk
2022-10-19 07:00:00
thn
thn
Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access
2022-10-19 13:18:00
Researchers Detail Severe "Super FabriXss" Vulnerability in Microsoft Azure SFX
2023-03-30 17:02:00
cve
cve
CVE-2022-35829
2022-10-11 19:15:11
kaspersky
kaspersky
KLA20004 Multiple vulnerabilities in Microsoft Azure
2022-10-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - October 2022
2022-10-11 18:35:28

6.2 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.9%

JSON
Related for MSRC:B00D3A19A9D056B76528B067E65DF694
prion1checkpoint_advisories1nessus1mscve1cvelist1nvd1msrc2thn2cve1kaspersky1rapid7blog1