low

Azure AD information disclosure via undocumented APIs

Published Tue, Apr 5th, 2022
Platforms

Summary

Undocumented Azure AD APIs could allow access to internal information of any organization that uses Azure AD. Collected details included licensing information, mailbox information, and directory synchronization status.

Affected Services

N/A

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Tue, Apr 5th, 2022
Exploitablity Period
-
Known ITW Exploitation
No
Detection Methods
-
Discovered by
Secureworks