
Active Directory Federation Services

by Microsoft

CVEs (20)

  • CVE-2016-0037 | High | Feb 10, 2016
    risk 0.51 | cvss 7.5 | epss 0.26

    The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial…

  • CVE-2022-30215 | High | Jul 12, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    Active Directory Federation Services Elevation of Privilege Vulnerability

  • CVE-2018-8340 | Medium | Aug 15, 2018
    risk 0.43 | cvss 6.5 | epss 0.08

    A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10…

  • CVE-2023-35348 | Medium | Jul 11, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Active Directory Federation Service Security Feature Bypass Vulnerability

  • CVE-2019-0975 | Medium | Jul 15, 2019
    risk 0.41 | cvss 6.3 | epss 0.02

    A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP…

  • CVE-2020-1055 | Medium | May 21, 2020
    risk 0.40 | cvss 6.1 | epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'.

  • CVE-2021-41361 | Medium | Oct 13, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    Active Directory Federation Server Spoofing Vulnerability

  • CVE-2019-1273 | Medium | Sep 11, 2019
    risk 0.35 | cvss 5.4 | epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.

  • CVE-2019-1126 | Medium | Jul 15, 2019
    risk 0.35 | cvss 5.3 | epss 0.05

    A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker…

  • CVE-2018-8547 | Medium | Nov 14, 2018
    risk 0.35 | cvss 5.4 | epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS…

  • CVE-2018-8326 | Medium | Jul 11, 2018
    risk 0.35 | cvss 5.4 | epss 0.02

    A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active…

  • CVE-2017-0043 | Medium | Mar 17, 2017
    risk 0.35 | cvss 5.3 | epss 0.02

    Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory…

  • CVE-2020-0837 | Medium | Sep 11, 2020
    risk 0.33 | cvss 5.0 | epss 0.01

    An elevation of privilege vulnerability exists when Active Directory Federation Services (ADFS) improperly handles multi-factor authentication requests. An attacker who successfully exploited this vulnerability could bypass some, but not all, of the authentication…

  • CVE-2013-3185 | Aug 14, 2013
    risk 0.03 | cvss | epss 0.41

    Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct…

  • CVE-2014-6331 | Nov 11, 2014
    risk 0.02 | cvss | epss 0.20

    Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended…

  • CVE-2015-1757 | Jun 10, 2015
    risk 0.01 | cvss | epss 0.11

    Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of…

  • CVE-2015-1638 | Apr 14, 2015
    risk 0.01 | cvss | epss 0.13

    Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services…

  • CVE-2009-2509 | Dec 9, 2009
    risk 0.01 | cvss | epss 0.17

    Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka…

  • CVE-2025-21193 | Jan 14, 2025
    risk 0.00 | cvss | epss 0.01

    Active Directory Federation Server Spoofing Vulnerability

  • CVE-2009-2508 | Dec 9, 2009
    risk 0.00 | cvss | epss 0.01

    The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the…