CVE-2024-38175 CRITICAL

CVE-2024-38175: Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability

Vendor Microsoft

Product Azure Managed Instance for Apache Cassandra

Weakness CWE-284

Published August 20, 2024

Last update July 10, 2025

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C

What the vulnerability does

Description

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.

Key dates

Disclosure timeline

August 20, 2024 CVE published

July 10, 2025 Record updated

Identifiers

CVE CVE-2024-38175

CWE CWE-284

CVSS 9.6 / CRITICAL

Affected versions

Vendor Microsoft

Product Azure Managed Instance for Apache Cassandra

Affected N/A