CVE-2024-49035 - Microsoft Partner Center Improper Access Control Vulnerability

Microsoft | Partner Center

• Date Added:
• 2025-02-25

• Due Date:
• 2025-03-18

Vulnerability Name

Microsoft Partner Center Improper Access Control Vulnerability

Description

Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49035

Top Security News

New NailaoLocker ransomware used against EU healthcare orgs

Black Basta ransomware gang's internal chat logs leak online

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Windows Server 2025 released—here are the new features

SonicWall firewall bug leveraged in attacks after PoC exploit release

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

SpyLend Android malware downloaded 100,000 times from Google Play

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

LowCross-Domain JavaScript Source File Inclusion

HighPII Disclosure

MediumCross-Domain Misconfiguration

InformationalModern Web Application

Top CVE List

CVE-2025-0111 Palo Alto Networks PAN-OS File Read Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

CVE-2025-0108 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability

Top CWE List

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-693 Protection Mechanism Failure

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1426 Improper Validation of Generative AI Output

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

CWE-125 Out-of-bounds Read

CWE-1298 Hardware Logic Contains Race Conditions