Thomas Knudson

**Name of the Vulnerable Software and Affected Versions** Microsoft Entra ID (affected versions not specified) **Description** An origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Azure Entra ID (affected versions not specified) Microsoft Enterprise Security Token Service (affected versions not specified) **Description** Exposure of sensitive information in Azure Entra ID allows an unauthorized actor to perform spoofing over a network. Additionally, errors in information processing within the Microsoft Enterprise Security Token Service, a service used for authentication and token management, could allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.