CVE-2024-49035

Published Nov 26, 2024

Last updated 6 months ago

Exploit knownCVSS high 8.7
Server

Overview

Description
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
Source
secure@microsoft.com
NVD status
Modified
CNA Tags
exclusively-hosted-service
Products
partner_center

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Microsoft Partner Center Improper Access Control Vulnerability
Exploit added on
Feb 25, 2025
Exploit action due
Mar 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-269
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score
Not currently trending

  1. [HIGH] CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation CISA added CVE-2024-49035 to KEV Catalog due to active exploitation. CVE: CVE-2024-49035 • APT: N/A • Status:… https://t.co/MbznxsfPzt

    @MysocAi

    26 Feb 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [HIGH] CISA Adds Microsoft and Zimbra Flaws to KEV Catalog CISA adds Microsoft and Zimbra vulnerabilities to KEV; remediation required. CVE: CVE-2024-49035 • APT: N/A • Stat… https://t.co/7lPHzk9hrI

    @MysocAi

    26 Feb 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: ( https://t.co/umXAROzILN

    @THEHACKERPRK

    25 Jun 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (…) https://t.co/r07fpK

    @THEHACKERPRK

    21 Jun 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/2fV1fiYE60…)

    @walletwardenn

    19 Apr 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/2fV1fiYE60…)

    @walletwardenn

    19 Apr 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/MPs2YgP22W…)

    @Numero_Hacks

    13 Apr 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/fsiCPwS00I…)

    @nathy_hackers

    1 Apr 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/Uld9sf1RzZ…)

    @John08987

    31 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/eL6mIN6wAi…)

    @digital_hack6

    27 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/UFdvAPacWg…)

    @recoverythreata

    27 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/28uWAZuGes…)

    @EthicalHack21

    23 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/zzUxb93uRV…)

    @Cyber_Recover12

    22 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/zzUxb93uRV…)

    @Cyber_Recover12

    21 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/NIu1skgdgd…)

    @JOE_HACKER1

    20 Mar 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/aTTn63279U…)

    @Mr_James_Cyber

    20 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/aTTn63279U…)

    @Mr_James_Cyber

    20 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/5EhdO34zav…)

    @Recoverytheate

    20 Mar 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/NIu1skgdgd…)

    @JOE_HACKER1

    20 Mar 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/fU7P8x4DGz…)

    @Herbert_Termux

    19 Mar 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/EWaMDc2cR9…)

    @help_center11

    11 Mar 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/JVRhmHVpR1…)

    @savana_recovery

    10 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    10 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    10 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    9 Mar 2025

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    9 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    8 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    7 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    7 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    5 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    4 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    3 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    2 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    1 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  35. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    28 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  36. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    28 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    28 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/6jycjWiyri…)

    @AJTheTech

    27 Feb 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    27 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  40. 🚨 Security Alert: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft's Partner Center (CVE-2024-49035) to its Known Exploited Vulnerabilities Catalog, citing active exploitation.

    @allnewsjack

    27 Feb 2025

    97 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-49035 #Microsoft Partner Center Improper Access Control Vulnerability https://t.co/7gRaVEBjse

    @ScyScan

    26 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ⚠️ Vulnerability Alert: Microsoft Partner Center Privilege Escalation Vulnerability 📅 Timeline: Disclosed: 2024-11-01, Patched: November 2024 📌 Attribution: CISA confirmed active exploitation 🆔 CVE ID: CVE-2024-49035 📊 Base Score: 9.8 📏 CVSS Metrics:… https://t.co/

    @syedaquib77

    26 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    26 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  44. csirt_it: ‼️ #Microsoft: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2024-49035 – già sanata dal vendor – relativa al prodotto #MicrosoftPartnerCenter Rischio: 🟠 Tipologia: 🔸 Elevation of Privilege 🔗 https://t.co/pl4YPcJh9B 🔄 … https://t.co/O9etfvly4q

    @Vulcanux_

    26 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨CVE Alert: Microsoft Partner Center Improper Access Control Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-49035 (8.7/10) Microsoft Partner Center Improper Access Control Vulnerability Impact A Successful exploit may allow an a unauthenticated attacker

    @CyberxtronTech

    26 Feb 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. 🔐 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—both actively exploited. Hook: Microsoft Partner Center’s CVE-2024-49035 and Synacor ZCS’s CVE-2023-34192 are putting organizations at risk. Read the full article:… https://

    @TheHackersNews

    26 Feb 2025

    34078 Impressions

    31 Retweets

    89 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  47. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    26 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  48. Microsoft patches 4 critical security flaws, including one exploited in the wild (CVE-2024-49035). Fixes for Power Apps, Copilot Studio, Azure, & Dynamics 365 are available. Update your apps! #Cyber https://t.co/UlmlJ9X7ts

    @TLDRStories

    3 Dec 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. Here are some notable updates in information security: Vulnerabilities and Patches - Microsoft addressed critical security flaws in its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already being exploited in the wild. - Palo Alto Networks patched… https://t.

    @johnmstark

    1 Dec 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Alerte ! Microsoft corrige les failles de sécurité dans l'IA, le Cloud et l'ERP, dont une exploitée activement. La vulnérabilité CVE-2024-49035 est évaluée à 8.7 CVSS. Analyse pour les Analystes Sécurité #Cybersecurite #ExploitZeroDay 👉 https://t.co/KTKvSrZsV4

    @CyberAlertFr

    30 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Microsoft SharePoint Server Improper Input Validation VulnerabilityCVE-2026-32201
  2. Apache ActiveMQ Improper Input Validation VulnerabilityCVE-2026-34197
  3. Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted software package. Version 4.81.1 patches the issue.CVE-2026-34387
  4. Citrix NetScaler Out-of-Bounds Read VulnerabilityCVE-2026-3055
  5. Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.CVE-2026-26118

References

Sources include official advisories and independent security research.