Azure API Management Vulnerabilities Allowed Unauthorized Access

Two SSRF issues (server-side request forgery) and one file upload path traversal bug were discovered as a result of URL formatting workarounds and an unlimited file upload capability. According to Ermetic, all three have received a complete patch. A distinct SSRF vulnerability in API Management that Microsoft patched last year was the first of the SSRF issues to be discovered.

An attacker might have been able to access internal Azure assets, get past web application firewalls, create a denial-of-service (DoS) situation, and upload malicious files to internal servers if these vulnerabilities had been successfully exploited.

Azure API Management Vulnerabilities Allowed Unauthorized Access

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Azure API Management Vulnerabilities Allowed Unauthorized Access

05-May-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address