Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft active directory federation services vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2018-16794
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
Microsoft Active Directory Federation Services
4 Github repositories
6.5
CVSSv3
CVE-2018-8340
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows...
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1709
1 Github repository
5
CVSSv3
CVE-2020-0837
<p>An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication factor...
Microsoft Windows 10 1607
Microsoft Windows Server 2016 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1903
Microsoft Windows 10 1903
Microsoft Windows Server 2016 1909
Microsoft Windows 10 1909
Microsoft Windows 10 2004
Microsoft Windows Server 2016 2004
5.3
CVSSv3
CVE-2019-1126
A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an malicious user to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an malic...
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2019 -
1 Article
NA
CVE-2009-2509
Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka &qu...
Microsoft Windows Server 2008
Microsoft Windows Server 2003
NA
CVE-2013-3185
Microsoft Active Directory Federation Services (AD FS) 1.x up to and including 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote malicious users to obtain sensitive information about the service account, and possibly cond...
Microsoft Active Directory Federation Services 2.0
Microsoft Active Directory Federation Services 2.1
6.3
CVSSv3
CVE-2019-0975
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addres...
Microsoft Windows Server 2019 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2016 1903
Microsoft Windows Server 2016 1803
1 Article
NA
CVE-2009-2508
The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate malicious users to obtain the...
Microsoft Windows Server 2003
Microsoft Windows Server 2008
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2