CVE-2021-40456
13.10.2021, 01:15
Windows AD FS Security Feature Bypass Vulnerability
Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5.3 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| microsoft | CNA | 5.3 MEDIUM | | | | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
| CISA-ADP | ADP | - | - | - | - | - |
| CVE | ADP | - | - | - | - | - |

Base Score: CVSS 3.x
EPSS Score Percentile: 81%

| Vendor | Product | Version |
|---|---|---|
| microsoft | windows_server_2019 | - |
| microsoft | windows_server_2022 | * |

𝑥 = Vulnerable software versions

Common Weakness Enumeration
CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40456