CVE-2024-43477

Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.

CVSS

No CVSS.

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43477	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:entra_id:-:*:*:*:*:*:*:*

History

29 Jan 2025, 16:30

Type	Values Removed	Values Added
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43477 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43477 - Vendor Advisory
CWE	~~CWE-284~~	NVD-CWE-Other
CPE		cpe:2.3:a:microsoft:entra_id:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : unknown
First Time		Microsoft Microsoft entra Id

10 Sep 2024, 18:15

Type	Values Removed	Values Added
Summary	~~Improper access control in Decentralized Identity Services allows an unathenticated attacker to disable Verifiable ID's on another tenant.~~	Improper access control in Decentralized Identity Services resulted in a vulnerability that allows an unauthenticated attacker to disable Verifiable ID's on another tenant.

23 Aug 2024, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-23 02:15

Updated : 2025-01-29 16:30

NVD link : CVE-2024-43477

Mitre link : CVE-2024-43477

JSON object : View

Products Affected

microsoft

entra_id

CWE

NVD-CWE-Other

JSON object

Attach tags to CVE-2024-43477

Attach tags to `CVE-2024-43477`