← Back

CVE-2021-36949

nvd nist
Published: Aug 12, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD (Secondary)

Description

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

Affected (3)

Microsoft
2 products
Azure Active Directory Connect
Azure Active Directory Connect Provisioning Agent
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Azure Active Directory Connect
From 1.3.20.0 to 1.6.11.3
Azure Active Directory Connect
From 2.0.3.0 to 2.0.9.0
Azure Active Directory Connect Provisioning Agent
Before 1.1.582.0

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.