Microsoft has patched three new vulnerabilities in the Azure API Management service which includes two Server-Side Request Forgery (SSRF) vulnerabilities and a file upload path traversal on an internal Azure workload, according to cybersecurity firm Ermetic.
The vulnerabilities were achieved through url formatting bypasses and an unrestricted file upload functionality in the API Management developer portal, Ermetic said. The cybersecurity firm identified the vulnerabilities in December and Microsoft patched them in January.