Microsoft » Forefront Unified Access Gateway : Security Vulnerabilities, CVEs, CVSS score >= 7
uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.
Max CVSS
9.8
EPSS Score
3.63%
Published
2018-07-05
Updated
2018-09-04
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
Max CVSS
9.3
EPSS Score
49.67%
Published
2011-10-12
Updated
2018-10-12
2 vulnerabilities found