CVE-2017-0159

low

Description

A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability."

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0159

http://www.securitytracker.com/id/1038243

http://www.securityfocus.com/bid/97449

Details

Source: Mitre, NVD

Published: 2017-04-12

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Low