6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.8%
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka âADFS Security Feature Bypass Vulnerabilityâ. This CVE ID is unique from CVE-2019-1126.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
microsoft | windows_server | * | cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:* |
microsoft | windows_server,_version_1903 | unspecified | cpe:2.3:o:microsoft:windows_server,_version_1903:unspecified:*:*:*:*:*:*:* |
[
{
"product": "Windows Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016"
},
{
"status": "affected",
"version": "2016 (Core installation)"
},
{
"status": "affected",
"version": "version 1803 (Core Installation)"
},
{
"status": "affected",
"version": "2019"
},
{
"status": "affected",
"version": "2019 (Core installation)"
}
]
},
{
"product": "Windows Server, version 1903 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
6.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
69.8%