4 matches found
CVE-2013-3185
CVE-2013-3185 affects Microsoft Active Directory Federation Services (AD FS) versions 1.x through 2.1 on Windows Server 2003 R2 SP2, 2008 SP2 and R2 SP1, and 2012. The vulnerability allows remote attackers to disclose information about the AD FS service account, potentially enabling account-locko...
CVE-2018-16794
CVE-2018-16794 affects Microsoft ADFS 4.0 and earlier running on Windows Server 2016 and prior. The vulnerability is a server-side request forgery (SSRF) via the txtBoxEmail parameter in /adfs/ls, enabling an attacker to induce the ADFS server to make requests to an arbitrary URL. The linked conn...
CVE-2015-1757
CVE-2015-1757 is a cross-site scripting (XSS) elevation-of-privilege vulnerability in Microsoft Active Directory Federation Services (AD FS) on Windows Server 2008 SP2, R2 SP1, and Server 2012, exposed through wct input. The issue, described as cross-site scripting via the wct parameter, can enable a remote attacke...
CVE-2014-6331
CVE-2014-6331 affects Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1 and 3.0. The vulnerability arises when a configured SAML Relying Party lacks a sign-out endpoint and logoff actions are not processed correctly, enabling information disclosure and potential access via an unatte...