Microsoft Azure API Management Service Vulnerabilities Patched
Originally Published 2 years ago — by The Hacker News
Three new security flaws have been discovered in Microsoft Azure API Management service, including two server-side request forgery (SSRF) flaws and one instance of unrestricted file upload functionality in the API Management developer portal. Exploitation of SSRF flaws can result in loss of confidentiality and integrity, permitting a threat actor to read internal Azure resources and execute unauthorized code. Following responsible disclosure, all the three flaws have been patched by Microsoft.