Microsoft addressed two cross-site scripting (XSS) vulnerabilities in Azure Bastion and Azure Container Registry (ACR) leading to unauthorized access to user sessions.
Three vulnerabilities in the Azure API Management service could be exploited for internal asset access, DoS, firewall bypass, and the upload of malicious files.