Information disclosure in Microsoft products - CVE-2021-27075
Published: March 9, 2021
Vulnerability identifier: #VU51350
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-27075
CWE-ID: CWE-200
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Azure Kubernetes Service
Azure Container Instance
Azure Spring Cloud
Azure Service Fabric
Microsoft Azure Kubernetes Service
Azure Container Instance
Azure Spring Cloud
Azure Service Fabric
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Azure Virtual Machine. A remote authenticated attacker on the local network can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2021-27075
Install updates from vendor's website.