Skip to main content

Active Directory Federation Services

4 CVEs product

Monthly

CVE-2018-16794 HIGH POC This Week

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SSRF Active Directory Federation Services
NVD
CVSS 3.0
8.6
EPSS
8.0%
CVE-2015-1757 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

XSS Microsoft Active Directory Federation Services
NVD
CVSS 2.0
4.3
EPSS
10.7%
CVE-2014-6331 MEDIUM This Month

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.6% and no vendor patch available.

Privilege Escalation Information Disclosure Microsoft Active Directory Federation Services
NVD
CVSS 2.0
5.0
EPSS
33.6%
CVE-2013-3185 MEDIUM This Month

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Information Disclosure Microsoft Active Directory Federation Services
NVD
CVSS 2.0
5.0
EPSS
30.9%
EPSS 8% CVSS 8.6
HIGH POC This Week

Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SSRF Active Directory Federation Services
NVD
EPSS 11% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

XSS Microsoft Active Directory Federation Services
NVD
EPSS 34% CVSS 5.0
MEDIUM This Month

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.6% and no vendor patch available.

Privilege Escalation Information Disclosure Microsoft +1
NVD
EPSS 31% CVSS 5.0
MEDIUM This Month

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 30.9% and no vendor patch available.

Information Disclosure Microsoft Active Directory Federation Services
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy