Microsoft Forefront Unified Access Gateway

12 matches found

CVE
added 2010/11/10 1:00 a.m., 90 views

CVE-2010-2733

This CVE-2010-2733 entry concerns a non-persistent cross-site scripting (XSS) vulnerability in Forefront UAG Web Monitor across 2010 Gold, Update 1, and Update 2. The issue is documented under Microsoft MS10-089, which addresses multiple UAG vulnerabilities (CVE-2010-2732, CVE-2010-2733, CVE-2010...

CVSS 4.3, AI score 5.2, EPSS 0.14498
CVE
added 2010/11/10 1:00 a.m., 73 views

CVE-2010-2732

CVE-2010-2732 is an open redirect spoofing vulnerability in Forefront UAG 2010 (Gold), Update 1, and Update 2. The issue arises when the UAG web interface fails to validate redirects, allowing an attacker to redirect users to a malicious site via a specially crafted URL, potentially capturing cre...

CVSS 5.8, AI score 6.7, EPSS 0.13668
CVE
added 2011/10/12 1:00 a.m., 73 views

CVE-2011-1969

CVE-2011-1969 affects Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 through the MicrosoftClient.jar Java applet. The issue arises because the signed Java applet loads unsigned Java classes, which can be exploited to execute arbitrary code on client machin...

CVSS 9.3, AI score 7.9, EPSS 0.17309
CVE
added 2012/04/10 9:00 p.m., 58 views

CVE-2012-0147

Microsoft Forefront UAG 2010 SP1 and SP1 Update 1 expose an information-disclosure vulnerability due to improper/default web site configuration, allowing unauthenticated remote access to sensitive web content via crafted HTTPS requests (CVE-2012-0147). Connected sources confirm this is part of th...

CVSS 5, AI score 5.9, EPSS 0.3562
CVE
added 2012/04/10 9:00 p.m., 57 views

CVE-2012-0146

CVE-2012-0146: Affects Microsoft Forefront UAG 2010 SP1 and SP1 Update 1. An open redirect vulnerability allows remote attackers to redirect users to arbitrary sites via a crafted URL (phishing risk). The root cause is improper redirect handling in UAG’s web flow. Exploitation is possible remotely; ...

CVSS 5.8, AI score 6.5, EPSS 0.10996
CVE
added 2011/10/12 1:00 a.m., 56 views

CVE-2011-1895

Microsoft Forefront UAG (2010 Gold/Update 1/Update 2/SP1) is affected by multiple vulnerabilities addressed in MS11-079. The CVE-2011-1895 issue is an HTTP response-splitting/CRLF injection in ExcelTable.asp that can lead to header tampering and related cross-site scripting attacks; related CVEs ...

CVSS 4.3, AI score 5.5, EPSS 0.11137
CVE
added 2010/11/10 1:00 a.m., 55 views

CVE-2010-2734

CVE-2010-2734 is a non-persistent cross-site scripting (XSS) vulnerability in the Forefront Unified Access Gateway (UAG) mobile portal. According to the MS10-089 bulletin, it affects UAG 2010, Update 1, and Update 2, and could allow an attacker to inject script via specially crafted input that ru...

CVSS 4.3, AI score 5.7, EPSS 0.14498
CVE
added 2011/10/12 1:00 a.m., 54 views

CVE-2011-1897

CVE-2011-1897 is a cross-site scripting (XSS) vulnerability affecting Microsoft Forefront UAG 2010 Gold, Update 1, Update 2, and SP1 (the issue is identified as the Default Reflected XSS Vulnerability). Public sources in the provided set confirm the vulnerability is addressed by Microsoft MS11-07...

CVSS 4.3, AI score 5.1, EPSS 0.08397
CVE
added 2010/11/10 1:00 a.m., 46 views

CVE-2010-3936

CVE-2010-3936 is an XSS in Signurl.asp affecting Forefront UAG 2010 (Gold) and Update 1/Update 2. The MS10-089 bulletin (KB2433584/KB2433585/KB2418933) addresses this vulnerability along with related UAG XSS flaws, requiring update installation to mitigate. Exploitation would enable non-persisten...

CVSS 4.3, AI score 5.7, EPSS 0.19111
CVE
added 2018/07/05 8:00 p.m., 46 views

CVE-2018-12571

CVE-2018-12571 affects Microsoft Forefront Unified Access Gateway 2010. The vulnerability arises in uniquesig0/InternalSite/InitParams.aspx where a comma-separated orig_url list can trigger outbound DNS queries to arbitrary hosts, enabling potential traffic amplification and/or SSRF. POCs and dis...

CVSS 9.8, AI score 9.2, EPSS 0.30274
Web
CVE
added 2011/10/12 1:00 a.m., 45 views

CVE-2011-2012

Microsoft Forefront UAG 2010 Gold/Update 1/2 and SP1 is affected by CVE-2011-2012 due to improper validation of session cookies, enabling a remote attacker to cause a denial of service (IIS outage) by sending unspecified network traffic. This is part of the MS11-079 set of vulnerabilities and is ...

CVSS 5, AI score 6.7, EPSS 0.16588
CVE
added 2011/10/12 1:00 a.m., 42 views

CVE-2011-1896

CVE-2011-1896 is a reflected XSS in Microsoft Forefront UAG (ExcelTable.aspx) affecting 2010 Gold, Update 1/2, and SP1. Root cause: Web Monitor fails to sanitize some input, allowing arbitrary script execution in the victim’s browser. Documents indicate exploitation could arise from the UAG Web M...

CVSS 4.3, AI score 5.1, EPSS 0.08256