CVE-2021-40456
13.10.2021, 01:15
Windows AD FS Security Feature Bypass Vulnerability
Enginsight

CVSS
Provider: NIST
Type: Primary
Base Score: 5.3 MEDIUM
Atk. Vector: NETWORK
Atk. Complexity: LOW
Priv. Required: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score
Percentile: Unknown

Affected Products (NVD)
Vendor: microsoft, Product: windows_server_2019, Version: -
Vendor: microsoft, Product: windows_server_2022, Version: *

Windows Releases
Platform: Windows Server
  Version: 2004 Server Core, KB5006670
  Version: 20H2 Server Core, KB5006670
Platform: Windows Server 2019
  Version: Server Core, KB5006672
  Version: Standard, KB5006672
Platform: Windows Server 2022
  Version: Server Core, KB5006699
  Version: Standard, KB5006699

Common Weakness Enumeration
CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40456