The Azure CycleCloud product is missing security updates. It is, therefore, affected by an elevation of privilege vulnerability. An unauthenticated, adjacent attacker can exploit this, via brute force authentication, to obtain a successful login and gain administrator privleges.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More