9% of SaaS Applications Using Microsoft Entra ID Remain Vulnerable to Known Security Flaw

New research has revealed that 9% of SaaS applications using Microsoft Entra ID remain vulnerable to a known security flaw, potentially allowing malicious actors to take control of accounts. Identity security company Semperis analyzed 104 SaaS applications and discovered that nine of them are vulnerable to Entra ID's cross-tenant nOAuth abuse. This vulnerability was initially disclosed two years ago.