CVE-2021-40456

Опубликовано: 12 окт. 2021

Источник: msrc

CVSS3: 5.3

EPSS Низкий

Описание

Windows AD FS Security Feature Bypass Vulnerability

FAQ

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

This vulnerability could allow an attacker to bypass ADFS BannedIPList entries for WS-Trust workflows.

Обновления

Продукт	Статья	Обновление
Windows Server 2019	5006672	Security Update
Windows Server 2019 (Server Core installation)	5006672	Security Update
Windows Server, version 2004 (Server Core installation)	5006670	Security Update
Windows Server, version 20H2 (Server Core Installation)	5006670	Security Update
Windows Server 2022	5006699	Security Update
Windows Server 2022 (Server Core installation)	5006699	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 78%

0.01264

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2021-40456

CVSS3: 5.3

nvd

больше 3 лет назад

Windows AD FS Security Feature Bypass Vulnerability

GHSA-j5xg-6v4g-89vw

CVSS3: 7.5

github

около 3 лет назад

Windows AD FS Security Feature Bypass Vulnerability

BDU:2021-05024

CVSS3: 5.3

fstec

больше 3 лет назад

Уязвимость службы Active Directory Federation Services (AD FS) операционной системы Windows, позволяющая нарушителю обойти механизм защиты

EPSS

Процентиль: 78%

0.01264

Низкий

5.3 Medium

CVSS3