Known Vulnerabilities for Active Directory Federation Services by Microsoft

Listed below are 4 of the newest known vulnerabilities associated with the software "Active Directory Federation Services" by "Microsoft".

These CVEs are retrieved based on exact matches on listed software and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2018-16794 Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the ... 8.6 - HIGH 2018-09-18 2018-11-20
CVE-2015-1757 Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Serv... 4.3 - MEDIUM 2015-06-10 2018-10-12
CVE-2014-6331 Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-o... 5 - MEDIUM 2014-11-11 2018-10-12
CVE-2013-3185 Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2... 5 - MEDIUM 2013-08-14 2020-09-28

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftActive Directory Federation Services2.1AllAllAll
ApplicationMicrosoftActive Directory Federation Services2.0AllAllAll
ApplicationMicrosoftActive Directory Federation Services1.1AllAllAll
ApplicationMicrosoftActive Directory Federation Services1.0AllAllAll

Popular searches for Active Directory Federation Services

Active Directory Federation Services

docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services

Active Directory Federation Services Learn more about: Active Directory Federation Services

technet.microsoft.com/en-us/library/hh831502.aspx technet.microsoft.com/en-us/library/hh831502.aspx docs.microsoft.com/windows-server/identity/active-directory-federation-services technet.microsoft.com/library/hh831502.aspx technet.microsoft.com/en-us/windows-server-docs/identity/active-directory-federation-services technet.microsoft.com/en-us/library/hh831502 technet.microsoft.com/library/hh831502.aspx docs.microsoft.com/sv-se/windows-server/identity/active-directory-federation-services Active Directory Federation Services C0 and C1 control codes Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Microsoft Docs Feedback Terms of service Microsoft Adobe Contribute HTTP cookie Bookmark (digital) LinkedIn Twitter Facebook Email Privacy Google Docs Blog Documentation

Active Directory Federation Services

msdn.microsoft.com/en-us/library/bb897402.aspx

Active Directory Federation Services This article begins with a brief overview of Active Directory Federation Services AD FS , a list of the benefits to using AD FS, and a list of what's new in AD FS for Windows Server 2008. The article then focuses on the code that a managed developer must incorporate into a Web application to make it federation aware and provides some specific examples on making claims based authorization decisions. AD FS is a standards-based service that allows the secure sharing of identity information between trusted business partners known as a federation X V T across an extranet. When a user needs to access a Web application from one of its federation Web application.

msdn.microsoft.com/library/bb897402.aspx msdn.microsoft.com/en-GB/library/bb897402.aspx msdn.microsoft.com/en-us/library/Bb897402.aspx msdn.microsoft.com/en-us/library/bb897402.aspx?MSPPError=-2147217396&f=255 C0 and C1 control codes Web application User (computing) Active Directory Federation Services World Wide Web Federation (information technology) Authentication Authorization Windows Server 2008 Information Server (computing) Extranet Application software Federated identity Claims-based identity Microsoft Management Console HTTP cookie Single sign-on Programmer Standardization

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report