Server-side request forgery (SSRF) attacks were susceptible to four vulnerabilities in Microsoft Azure services.
Azure Functions, Azure Machine Learning, and Azure Digital Twins were among the services offered.
Lidor Ben Shitrit, an Orca researcher, claims that if these SSRF vulnerabilities had gone unpatched, they might have had a substantial effect on Microsoft Azure Services.
These vulnerabilities were patched quickly by Microsoft, preventing any significant damage from being done.
Source: https://purplesec.us/security-insights/microsoft-azure-ssrf-vulnerabilities/
TPRM report: https://scoringcyber.rankiteo.com/company/msnazure
"id": "mic3297823",
"linkid": "msnazure",
"type": "Vulnerability",
"date": "01/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Technology',
'name': 'Microsoft Azure',
'type': 'Cloud Service Provider'}],
'attack_vector': 'Server-side request forgery (SSRF)',
'description': 'Server-side request forgery (SSRF) attacks were susceptible '
'to four vulnerabilities in Microsoft Azure services. Azure '
'Functions, Azure Machine Learning, and Azure Digital Twins '
'were among the services offered. Lidor Ben Shitrit, an Orca '
'researcher, claims that if these SSRF vulnerabilities had '
'gone unpatched, they might have had a substantial effect on '
'Microsoft Azure Services. These vulnerabilities were patched '
'quickly by Microsoft, preventing any significant damage from '
'being done.',
'impact': {'systems_affected': ['Azure Functions',
'Azure Machine Learning',
'Azure Digital Twins']},
'response': {'remediation_measures': 'Vulnerabilities patched quickly by '
'Microsoft'},
'title': 'Microsoft Azure SSRF Vulnerabilities',
'type': 'SSRF Vulnerability',
'vulnerability_exploited': 'SSRF'}