Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2019-0975

Published

4 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security update corrects how ADFS updates its list of banned IP addresses., aka 'ADFS Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-1126..

CVSSv2.0 Score

Severity: Medium
Base Score: 6.8/10
Exploit Score: 8.6/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: Medium
Base Score: 6.3/10
Exploit Score: 2.8/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.4/10
Confidentiality Impact: Low
Availability Impact: Low
Integrity Impact: Low
Scope: Unchanged
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:o:microsoft:windows_server_2016:-:::::::*	Yes	-	-
cpe:2.3:o:microsoft:windows_server_2016:1803:::::::*	Yes	-	-
cpe:2.3:o:microsoft:windows_server_2019:-:::::::*	Yes	-	-
cpe:2.3:o:microsoft:windows_server_2016:1903:::::::*	Yes	-	-

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0975