Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

microsoft active directory federation services vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2015-1757
Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote malicious users to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Eleva...
Microsoft Active Directory Federation Services 2.0Microsoft Active Directory Federation Services 2.1
5.4
CVSSv3
CVE-2019-1273
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
Microsoft Windows 10 1803Microsoft Windows 10 1903Microsoft Windows Server 2016 1903Microsoft Windows Server 2019 -Microsoft Windows 10 1809Microsoft Windows Server 2016 1803
6.1
CVSSv3
CVE-2020-1055
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.
Microsoft Windows 10 1809Microsoft Windows 10 1903Microsoft Windows 10 1909Microsoft Windows Server 2016 1903Microsoft Windows Server 2016 1909Microsoft Windows Server 2019 -
5.3
CVSSv3
CVE-2017-0043
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Feder...
Microsoft Windows Server 2012 -Microsoft Windows Server 2012 R2Microsoft Windows Server 2008Microsoft Windows Server 2016Microsoft Windows 10 1607Microsoft Windows Server 2008 R2
NA
CVE-2014-6331
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote malicious users to obtain access by leveraging an unattended workst...
Microsoft Active Directory Federation Services 2.1Microsoft Active Directory Federation Services 2.0Microsoft Active Directory Federation Services 3.0
7.5
CVSSv3
CVE-2022-30215
Active Directory Federation Services Elevation of Privilege Vulnerability
Microsoft Windows Server 2016 -Microsoft Windows Server 2019 -Microsoft Windows Server 2016 20h2Microsoft Windows Server 2022 -
5.4
CVSSv3
CVE-2018-8547
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XS...
Microsoft Windows 8.1 -Microsoft Windows Rt 8.1 -Microsoft Windows Server 2012 R2Microsoft Windows Server 2016 -Microsoft Windows 10 1709Microsoft Windows 10 1809Microsoft Windows Server 2019 -Microsoft Windows Server 2016 1709Microsoft Windows 10 1607Microsoft Windows 10 1803Microsoft Windows Server 2016 1803
NA
CVE-2015-1638
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote malicious users to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation ...
Microsoft Windows Server 2012 R2
7.5
CVSSv3
CVE-2016-0037
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote malicious users to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Servic...
Microsoft Windows Server 2012 R2
5.4
CVSSv3
CVE-2018-8326
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Di...
Microsoft Web Customizations
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook