Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-42m9-f9c6-jjrj
Vulnerability from github
Published
2022-05-24 16:50
Modified
2024-04-04 01:15
Severity ?
Details
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
{ affected: [], aliases: [ "CVE-2019-1006", ], database_specific: { cwe_ids: [ "CWE-295", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2019-07-15T19:15:00Z", severity: "HIGH", }, details: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", id: "GHSA-42m9-f9c6-jjrj", modified: "2024-04-04T01:15:50Z", published: "2022-05-24T16:50:15Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-1006", }, { type: "WEB", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", type: "CVSS_V3", }, ], }
cve-2019-1006
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
EPSS score ?
Summary
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Windows |
Version: 7 for 32-bit Systems Service Pack 1 Version: 7 for x64-based Systems Service Pack 1 Version: 8.1 for 32-bit systems Version: 8.1 for x64-based systems Version: RT 8.1 Version: 10 for 32-bit Systems Version: 10 for x64-based Systems Version: 10 Version 1607 for 32-bit Systems Version: 10 Version 1607 for x64-based Systems Version: 10 Version 1703 for 32-bit Systems Version: 10 Version 1703 for x64-based Systems Version: 10 Version 1709 for 32-bit Systems Version: 10 Version 1709 for x64-based Systems Version: 10 Version 1803 for 32-bit Systems Version: 10 Version 1803 for x64-based Systems Version: 10 Version 1803 for ARM64-based Systems Version: 10 Version 1809 for 32-bit Systems Version: 10 Version 1809 for x64-based Systems Version: 10 Version 1809 for ARM64-based Systems Version: 10 Version 1709 for ARM64-based Systems |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T18:06:31.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Windows", vendor: "Microsoft", versions: [ { status: "affected", version: "7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "8.1 for 32-bit systems", }, { status: "affected", version: "8.1 for x64-based systems", }, { status: "affected", version: "RT 8.1", }, { status: "affected", version: "10 for 32-bit Systems", }, { status: "affected", version: "10 for x64-based Systems", }, { status: "affected", version: "10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "10 Version 1607 for x64-based Systems", }, { status: "affected", version: "10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "10 Version 1703 for x64-based Systems", }, { status: "affected", version: "10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "10 Version 1709 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "10 Version 1803 for x64-based Systems", }, { status: "affected", version: "10 Version 1803 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1809 for 32-bit Systems", }, { status: "affected", version: "10 Version 1809 for x64-based Systems", }, { status: "affected", version: "10 Version 1809 for ARM64-based Systems", }, { status: "affected", version: "10 Version 1709 for ARM64-based Systems", }, ], }, { product: "Windows Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { status: "affected", version: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { status: "affected", version: "2012", }, { status: "affected", version: "2012 (Core installation)", }, { status: "affected", version: "2012 R2", }, { status: "affected", version: "2012 R2 (Core installation)", }, { status: "affected", version: "2016", }, { status: "affected", version: "2016 (Core installation)", }, { status: "affected", version: "version 1803 (Core Installation)", }, { status: "affected", version: "2019", }, { status: "affected", version: "2019 (Core installation)", }, { status: "affected", version: "2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2", }, { status: "affected", version: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, { product: "Microsoft SharePoint Foundation", vendor: "Microsoft", versions: [ { status: "affected", version: "2010 Service Pack 2", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.5.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 4.6", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft SharePoint Enterprise Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2016", }, { status: "affected", version: "2013 Service Pack 1", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, ], }, { product: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows RT 8.1", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, ], }, { product: "Microsoft SharePoint Server", vendor: "Microsoft", versions: [ { status: "affected", version: "2019", }, ], }, { product: "Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows 10 Version 1903 for ARM64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows RT 8.1", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "1903", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", vendor: "Microsoft", versions: [ { status: "affected", version: "unspecified", }, ], }, { product: "Microsoft.IdentityModel", vendor: "Microsoft", versions: [ { status: "affected", version: "7.0.0", }, ], }, { product: "Microsoft .NET Framework 3.5", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows Server 2012", }, { status: "affected", version: "Windows Server 2012 (Server Core installation)", }, { status: "affected", version: "Windows 8.1 for 32-bit systems", }, { status: "affected", version: "Windows 8.1 for x64-based systems", }, { status: "affected", version: "Windows Server 2012 R2", }, { status: "affected", version: "Windows Server 2012 R2 (Server Core installation)", }, { status: "affected", version: "Windows 10 for 32-bit Systems", }, { status: "affected", version: "Windows 10 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016", }, { status: "affected", version: "Windows 10 Version 1607 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1607 for x64-based Systems", }, { status: "affected", version: "Windows Server 2016 (Server Core installation)", }, { status: "affected", version: "Windows 10 Version 1703 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1703 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1709 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1709 for x64-based Systems", }, { status: "affected", version: "Windows 10 Version 1803 for 32-bit Systems", }, { status: "affected", version: "Windows 10 Version 1803 for x64-based Systems", }, { status: "affected", version: "Windows Server, version 1803 (Server Core Installation)", }, ], }, { product: "Microsoft .NET Framework 3.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 2.0", vendor: "Microsoft", versions: [ { status: "affected", version: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { status: "affected", version: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, { product: "Microsoft .NET Framework 3.5.1", vendor: "Microsoft", versions: [ { status: "affected", version: "Windows 7 for 32-bit Systems Service Pack 1", }, { status: "affected", version: "Windows 7 for x64-based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { status: "affected", version: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { status: "affected", version: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, ], descriptions: [ { lang: "en", value: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-15T18:56:20", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@microsoft.com", ID: "CVE-2019-1006", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Windows", version: { version_data: [ { version_value: "7 for 32-bit Systems Service Pack 1", }, { version_value: "7 for x64-based Systems Service Pack 1", }, { version_value: "8.1 for 32-bit systems", }, { version_value: "8.1 for x64-based systems", }, { version_value: "RT 8.1", }, { version_value: "10 for 32-bit Systems", }, { version_value: "10 for x64-based Systems", }, { version_value: "10 Version 1607 for 32-bit Systems", }, { version_value: "10 Version 1607 for x64-based Systems", }, { version_value: "10 Version 1703 for 32-bit Systems", }, { version_value: "10 Version 1703 for x64-based Systems", }, { version_value: "10 Version 1709 for 32-bit Systems", }, { version_value: "10 Version 1709 for x64-based Systems", }, { version_value: "10 Version 1803 for 32-bit Systems", }, { version_value: "10 Version 1803 for x64-based Systems", }, { version_value: "10 Version 1803 for ARM64-based Systems", }, { version_value: "10 Version 1809 for 32-bit Systems", }, { version_value: "10 Version 1809 for x64-based Systems", }, { version_value: "10 Version 1809 for ARM64-based Systems", }, { version_value: "10 Version 1709 for ARM64-based Systems", }, ], }, }, { product_name: "Windows Server", version: { version_data: [ { version_value: "2008 R2 for x64-based Systems Service Pack 1 (Core installation)", }, { version_value: "2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "2008 for 32-bit Systems Service Pack 2 (Core installation)", }, { version_value: "2012", }, { version_value: "2012 (Core installation)", }, { version_value: "2012 R2", }, { version_value: "2012 R2 (Core installation)", }, { version_value: "2016", }, { version_value: "2016 (Core installation)", }, { version_value: "version 1803 (Core Installation)", }, { version_value: "2019", }, { version_value: "2019 (Core installation)", }, { version_value: "2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "2008 for 32-bit Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2", }, { version_value: "2008 for x64-based Systems Service Pack 2 (Core installation)", }, ], }, }, { product_name: "Microsoft SharePoint Foundation", version: { version_data: [ { version_value: "2010 Service Pack 2", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.5.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6", version: { version_data: [ { version_value: "Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft SharePoint Enterprise Server", version: { version_data: [ { version_value: "2016", }, { version_value: "2013 Service Pack 1", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2", version: { version_data: [ { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, ], }, }, { product_name: "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows RT 8.1", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, ], }, }, { product_name: "Microsoft SharePoint Server", version: { version_data: [ { version_value: "2019", }, ], }, }, { product_name: "Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows 10 Version 1903 for ARM64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows RT 8.1", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1703 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", version: { version_data: [ { version_value: "1903", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", version: { version_data: [ { version_value: "", }, ], }, }, { product_name: "Microsoft.IdentityModel", version: { version_data: [ { version_value: "7.0.0", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5", version: { version_data: [ { version_value: "Windows Server 2012", }, { version_value: "Windows Server 2012 (Server Core installation)", }, { version_value: "Windows 8.1 for 32-bit systems", }, { version_value: "Windows 8.1 for x64-based systems", }, { version_value: "Windows Server 2012 R2", }, { version_value: "Windows Server 2012 R2 (Server Core installation)", }, { version_value: "Windows 10 for 32-bit Systems", }, { version_value: "Windows 10 for x64-based Systems", }, { version_value: "Windows Server 2016", }, { version_value: "Windows 10 Version 1607 for 32-bit Systems", }, { version_value: "Windows 10 Version 1607 for x64-based Systems", }, { version_value: "Windows Server 2016 (Server Core installation)", }, { version_value: "Windows 10 Version 1703 for 32-bit Systems", }, { version_value: "Windows 10 Version 1703 for x64-based Systems", }, { version_value: "Windows 10 Version 1709 for 32-bit Systems", }, { version_value: "Windows 10 Version 1709 for x64-based Systems", }, { version_value: "Windows 10 Version 1803 for 32-bit Systems", }, { version_value: "Windows 10 Version 1803 for x64-based Systems", }, { version_value: "Windows Server, version 1803 (Server Core Installation)", }, ], }, }, { product_name: "Microsoft .NET Framework 3.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 2.0", version: { version_data: [ { version_value: "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2", }, { version_value: "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2", }, ], }, }, { product_name: "Microsoft .NET Framework 3.5.1", version: { version_data: [ { version_value: "Windows 7 for 32-bit Systems Service Pack 1", }, { version_value: "Windows 7 for x64-based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", }, { version_value: "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1", }, { version_value: "Windows Server 2008 R2 for x64-based Systems Service Pack 1", }, ], }, }, ], }, vendor_name: "Microsoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Elevation of Privilege", }, ], }, ], }, references: { reference_data: [ { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2019-1006", datePublished: "2019-07-15T18:56:20", dateReserved: "2018-11-26T00:00:00", dateUpdated: "2024-08-04T18:06:31.475Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.