CVE-2024-21381 – Microsoft Azure Active Directory B2C Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-21381
Microsoft Azure Active Directory B2C Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-22323
https://notcve.org/view.php?id=CVE-2022-22323
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. • https://exchange.xforce.ibmcloud.com/vulnerabilities/218379 https://www.ibm.com/support/pages/node/6574671 • CWE-787: Out-of-bounds Write
CVE-2022-22312
https://notcve.org/view.php?id=CVE-2022-22312
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. • https://exchange.xforce.ibmcloud.com/vulnerabilities/217369 https://www.ibm.com/support/pages/node/6574671 • CWE-787: Out-of-bounds Write
CVE-2021-42306 – Azure Active Directory Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2021-42306
An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application. Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application. Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information. For more details on this issue, please refer to the MSRC Blog Entry. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42306 • CWE-522: Insufficiently Protected Credentials
CVE-2021-36949 – Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2021-36949
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability • https://github.com/Maxwitat/Check-AAD-Connect-for-CVE-2021-36949-vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949 • CWE-287: Improper Authentication