Lucene search
MicrosoftVULNRICHMENT:CVE-2023-35348HistoryJul 11, 2023 - 5:02 p.m.
CVE-2023-35348 Active Directory Federation Service Security Feature Bypass Vulnerability
2023-07-1117:02:53
CWE-522
microsoft
github.com
7
cve-2023-35348
active directory
federation service
security feature bypass
vulnerability
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
46.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
CNA Affected
[
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645:*:*:*:*:*:*:*"
],
"vendor": "Microsoft",
"product": "Windows Server 2019",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"lessThan": "10.0.17763.4645",
"versionType": "custom"
}
],
"platforms": [
"x64-based Systems"
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645:*:*:*:*:*:*:*"
],
"vendor": "Microsoft",
"product": "Windows Server 2019 (Server Core installation)",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"lessThan": "10.0.17763.4645",
"versionType": "custom"
}
],
"platforms": [
"x64-based Systems"
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1850:*:*:*:*:*:*:*"
],
"vendor": "Microsoft",
"product": "Windows Server 2022",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"lessThan": "10.0.20348.1850",
"versionType": "custom"
}
],
"platforms": [
"x64-based Systems"
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085:*:*:*:*:*:*:*"
],
"vendor": "Microsoft",
"product": "Windows Server 2016",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"lessThan": "10.0.14393.6085",
"versionType": "custom"
}
],
"platforms": [
"x64-based Systems"
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085:*:*:*:*:*:*:*"
],
"vendor": "Microsoft",
"product": "Windows Server 2016 (Server Core installation)",
"versions": [
{
"status": "affected",
"version": "10.0.0",
"lessThan": "10.0.14393.6085",
"versionType": "custom"
}
],
"platforms": [
"x64-based Systems"
]
}
]Related
prion
prion
Security feature bypass
2023-07-11 18:15:00
mscve
mscve
Active Directory Federation Service Security Feature Bypass Vulnerability
2023-07-11 07:00:00
nvd
nvd
CVE-2023-35348
2023-07-11 18:15:19
cve
cve
CVE-2023-35348
2023-07-11 18:15:19
cvelist
cvelist
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, July 2023 Security Update Review
2023-07-11 20:30:33
mskb
mskb
July 11, 2023âKB5028169 (OS Build 14393.6085)
2023-07-11 07:00:00
July 11, 2023âKB5028171 (OS Build 20348.1850)
2023-07-11 07:00:00
July 11, 2023âKB5028168 (OS Build 17763.4645)
2023-07-11 07:00:00
nessus
nessus
kaspersky
kaspersky
KLA50774 Multiple vulnerabilities in Microsoft Windows
2023-07-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2023
2023-07-11 21:50:34
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
46.0%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-35348