This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2017-06-29
Product Azure Active Directory Connect Last view 2019-05-16
Version - Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:azure_active_directory_connect

Activity : Overall

Related : CVE

  Date Alert Description
5.3 2019-05-16 CVE-2019-1000

An elevation of privilege vulnerability exists in Microsoft Azure Active Directory Connect build 1.3.20.0, which allows an attacker to execute two PowerShell cmdlets in context of a privileged account, and perform privileged actions.To exploit this, an attacker would need to authenticate to the Azure AD Connect server, aka 'Microsoft Azure AD Connect Elevation of Privilege Vulnerability'.

8.1 2017-06-29 CVE-2017-8613

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "Azure AD Connect Elevation of Privilege Vulnerability."

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-640 Weak Password Recovery Mechanism for Forgotten Password
50% (1) CWE-269 Improper Privilege Management

Nessus® Vulnerability Scanner

id Description
2017-06-29 Name: An application installed on the remote Windows host is affected by an elevati...
File: smb_kb4033453.nasl - Type: ACT_GATHER_INFO