CVE-2021-41361: Active Directory Federation Server Spoofing Vulnerability
Published: 2021-10-13
Severity: low, 3.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4704 | 10.0.14393.4704 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2237 | 10.0.17763.2237 |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.288 | 10.0.20348.288 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
Microsoft
Active Directory Federation Server Spoofing Vulnerability
vendor_msrc·2021-10-12·CVSS 5.4
CVE-2021-41361 [MEDIUM] Active Directory Federation Server Spoofing Vulnerability
FAQ: How could an attacker exploit this vulnerability?
The ADFS (Active Directory Federation Services) services are vulnerable during the logout redirect request to cross-site scripting of the post logout redirect URI. An attacker who successfully exploited this vulnerability could leave an application using this ADFS library vulnerable to common XSS attacks.
Active Directory Federation Services: Active Directory Federation Services
Microsoft: Microsoft
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672
Reference: https://suppo
GHSA
GHSA-w5wj-j6jx-xf6h: Active Directory Federation Server Spoofing Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-41361 [LOW] GHSA-w5wj-j6jx-xf6h: Active Directory Federation Server Spoofing Vulnerability