We use cookies to improve your experience on our site.
AVID-2026-R1406
Description
Azure SDK Spoofing Vulnerability (CVE-2024-21421)
Details
Azure SDK Spoofing Vulnerability
Reason for inclusion in AVID: CVE-2024-21421 describes a spoofing vulnerability in the Azure SDK, a software library widely used in cloud environments. This library can be part of AI system deployments (data ingestion, storage, orchestration, and resource management in AI workflows on Azure). The issue is a vulnerability in a dependency used to build/run AI systems, representing a software supply chain risk within general-purpose AI stacks. It is a CVE-style security vulnerability with accessible references (NVD/MSRC).
References
Affected or Relevant Artifacts
- Developer: Microsoft
- Deployer: Microsoft
- Artifact Details:
| Type | Name |
|---|---|
| System | Azure SDK |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
| Base Score | 7.5 |
| Base Severity | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-1395 | CWE-1395: Dependency on Vulnerable Third-Party Component |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-03-12
- Version: 0.3.3
- AVID Entry