CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Microsoft 1Active Directory Federation Services Nov 21, 2024 Sep 18, 2018 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls. |
1Microsoft 1Active Directory Federation Services May 6, 2026 Jun 10, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script o...Show more |
1Microsoft 1Active Directory Federation Services May 6, 2026 Nov 11, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attacke...Show more |
1Microsoft 1Active Directory Federation Services Apr 29, 2026 Aug 14, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information ab...Show more |