Lucene search

[email protected]CVE-2019-1126

HistoryJul 29, 2019 - 2:12 p.m.

CVE-2019-1126

2019-07-2914:12:55

CWE-307

[email protected]

web.nvd.nist.gov

adfs

active directory

federation services

security feature bypass

vulnerability

cve-2019-1126

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.8%

JSON

A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.This security update corrects how ADFS handles external authentication requests., aka ‘ADFS Security Feature Bypass Vulnerability’. This CVE ID is unique from CVE-2019-0975.

Affected configurations

Vulners

NVD

Node

microsoftwindows_server

microsoftwindows_server,_version_1903Matchunspecified

VendorProductVersionCPE
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server*cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*
microsoftwindows_server,_version_1903unspecifiedcpe:2.3:o:microsoft:windows_server,_version_1903:unspecified:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server	*	cpe:2.3:o:microsoft:windows_server::::::::
microsoft	windows_server,_version_1903	unspecified	cpe:2.3:o:microsoft:windows_server,_version_1903:unspecified:::::::*

CNA Affected

[
  {
    "product": "Windows Server",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "2012 R2"
      },
      {
        "status": "affected",
        "version": "2012 R2 (Core installation)"
      },
      {
        "status": "affected",
        "version": "2016"
      },
      {
        "status": "affected",
        "version": "2016  (Core installation)"
      },
      {
        "status": "affected",
        "version": "version 1803  (Core Installation)"
      },
      {
        "status": "affected",
        "version": "2019"
      },
      {
        "status": "affected",
        "version": "2019  (Core installation)"
      }
    ]
  },
  {
    "product": "Windows Server, version 1903 (Server Core installation)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]