Azure Active Directory B2C
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33843 | Cri | 0.59 | 9.1 | 0.01 | May 22, 2026 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | ||
| CVE-2019-1172 | 0.01 | — | 0.04 | Aug 14, 2019 | An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would… | |||
| CVE-2026-45480 | 0.00 | — | — | Jun 19, 2026 | Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | |||
| CVE-2024-21381 | 0.00 | — | 0.00 | Feb 13, 2024 | Microsoft Azure Active Directory B2C Spoofing Vulnerability | |||
| CVE-2023-36871 | 0.00 | — | 0.01 | Jul 11, 2023 | Azure Active Directory Security Feature Bypass Vulnerability |
- risk 0.59cvss 9.1epss 0.01
Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network.
- CVE-2019-1172Aug 14, 2019risk 0.01cvss —epss 0.04
An information disclosure vulnerability exists in Azure Active Directory (AAD) Microsoft Account (MSA) during the login request session. An attacker who successfully exploited the vulnerability could take over a user's account. To exploit the vulnerability, an attacker would…
- CVE-2026-45480Jun 19, 2026risk 0.00cvss —epss —
Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network.
- CVE-2024-21381Feb 13, 2024risk 0.00cvss —epss 0.00
Microsoft Azure Active Directory B2C Spoofing Vulnerability
- CVE-2023-36871Jul 11, 2023risk 0.00cvss —epss 0.01
Azure Active Directory Security Feature Bypass Vulnerability