Sridhar Periyasamy

**Name of the Vulnerable Software and Affected Versions** Azure Privileged Identity Management (PIM) (affected versions not specified) **Description** An authorization bypass exists due to a user-controlled key, which allows an authorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Entra ID (affected versions not specified) **Description** An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Resource Manager (affected versions not specified) **Description** Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Local Disconnected Operations (affected versions not specified) **Description** Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Entra ID (affected versions not specified) Microsoft Enterprise Security Token Service (affected versions not specified) **Description** Exposure of sensitive information in Azure Entra ID allows an unauthorized actor to perform spoofing over a network. Additionally, errors in information processing within the Microsoft Enterprise Security Token Service, a service used for authentication and token management, could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.