
CVE-2018-16794 – Microsoft ADFS 4.0 Windows Server 2016 Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-16794
14 Sep 2018 — Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. Microsoft ADFS 4.0 Windows Server 2016 suffers from a server-side request forgery issue.
Reference: http://packetstormsecurity.com/files/149376/Microsoft-ADFS-4.0-Windows-Server-2016-Server-Side-Request-Forgery.html
CWE-918: Server-Side Request Forgery (SSRF)

CVE-2015-1757
https://notcve.org/view.php?id=CVE-2015-1757
10 Jun 2015 — Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability."
Reference: http://www.securityfocus.com/bid/75023
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-6331
https://notcve.org/view.php?id=CVE-2014-6331
11 Nov 2014 — Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
Reference: http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx
CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-3185
https://notcve.org/view.php?id=CVE-2013-3185
14 Aug 2013 — Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
Reference: http://www.us-cert.gov/ncas/alerts/TA13-225A
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-1282
https://notcve.org/view.php?id=CVE-2013-1282
09 Apr 2013 — The LDAP service in Microsoft Active Directory, Active Directory Application Mode (ADAM), Active Directory Lightweight Directory Service (AD LDS), and Active Directory Services allows remote attackers to cause a denial of service (memory consumption and service outage) via a crafted query, aka "Memory Consumption Vulnerability."
Reference: http://www.us-cert.gov/ncas/alerts/TA13-100A
CWE-20: Improper Input Validation