Microsoft Azure Machine Learning vulnerabilities
9 known vulnerabilities affecting microsoft/azure_machine_learning.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH5MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-47995P2HIGHCVSS 8.8v-2025-07-18
CVE-2025-47995 [HIGH] CWE-1390 CVE-2025-47995: Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges ov
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-30390P3HIGHCVSS 8.8v-2025-04-30
CVE-2025-30390 [HIGH] CWE-285 CVE-2025-30390: Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
Improper authorization in Azure allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-49746P3HIGHCVSS 8.8v-2025-07-18
CVE-2025-49746 [HIGH] CWE-285 CVE-2025-49746: Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2025-49747P3HIGHCVSS 8.8v-2025-07-18
CVE-2025-49747 [HIGH] CWE-862 CVE-2025-49747: Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-33833P3HIGHCVSS 8.2≥ 3.0.0, < 1.7.62026-05-12
CVE-2026-33833 [HIGH] CWE-74 CVE-2026-33833: Improper neutralization of special elements in output used by a downstream component ('injection') i
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-23382P4MEDIUMCVSS 6.5≥ 3.0.0, < 3.0.02076.00012023-02-14
CVE-2023-23382 [MEDIUM] CWE-257 CVE-2023-23382: Azure Machine Learning Compute Instance Information Disclosure Vulnerability
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
nvd
CVE-2026-32207P4MEDIUMCVSS 6.1v-2026-05-07
CVE-2026-32207 [MEDIUM] CWE-79 CVE-2026-32207: Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machin
Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2023-28312P4MEDIUMCVSS 6.5≥ 3.0.0, < 3.0.02199.00012023-04-11
CVE-2023-28312 [MEDIUM] CWE-284 CVE-2023-28312: Azure Machine Learning Information Disclosure Vulnerability
Azure Machine Learning Information Disclosure Vulnerability
nvd
CVE-2023-35625P4MEDIUMCVSS 4.7≥ 1.0.0, < 1.5.02023-12-12
CVE-2023-35625 [MEDIUM] CWE-200 CVE-2023-35625: Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability
nvd