Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft active directory federation services vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-1757
Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote malicious users to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Eleva...
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 2.1
5.4
CVSSv3
CVE-2019-1273
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
Microsoft Windows 10 1803
Microsoft Windows 10 1903
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1803
1 Article
6.1
CVSSv3
CVE-2020-1055
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.
Microsoft Windows 10 1809
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1909
Microsoft Windows Server 2019 -
5.3
CVSSv3
CVE-2017-0043
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Feder...
Microsoft Windows Server 2012 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2008
Microsoft Windows Server 2016
Microsoft Windows 10 1607
Microsoft Windows Server 2008 R2
NA
CVE-2014-6331
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote malicious users to obtain access by leveraging an unattended workst...
Microsoft Active Directory Federation Services 2.1
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 3.0
7.5
CVSSv3
CVE-2022-30215
Active Directory Federation Services Elevation of Privilege Vulnerability
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 20h2
Microsoft Windows Server 2022 -
5.4
CVSSv3
CVE-2018-8547
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XS...
Microsoft Windows 8.1 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows 10 1709
Microsoft Windows 10 1809
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 1709
Microsoft Windows 10 1607
Microsoft Windows 10 1803
Microsoft Windows Server 2016 1803
NA
CVE-2015-1638
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote malicious users to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation ...
Microsoft Windows Server 2012 R2
7.5
CVSSv3
CVE-2016-0037
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote malicious users to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Servic...
Microsoft Windows Server 2012 R2
5.4
CVSSv3
CVE-2018-8326
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Di...
Microsoft Web Customizations
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »