Microsoft Active Directory Federation Services — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Active Directory Federation Services, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2018-16794 — CVSS 8.6 (high): Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail…
CVE-2013-3185 — CVSS 5.0 (medium): Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1…
CVE-2014-6331 — CVSS 5.0 (medium): Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint…
CVE-2015-1757 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2…