Vendor scorecard
Microsoft Identity
Microsoft Identity security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: microsoft
Product families
2
Open in latest
6
Inferred — see methodology
Last disclosure
May 13, 2025
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Entra / Identity SyncIdentity & Access Managementazure_active_directory_connect, entra_connect, defender_for_identity | 2 | 2 | 2.0.9.0MED | ||
| Active Directory / ADFSIdentity & Access Managementactive_directory, active_directory_federation_services, active_directory_domain_services | 0 | 4 | 4.0LOW |
02
Recent CVEs
4 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-26685(opens NVD record) | Medium | 6.5 | Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. | May 13, 2025 |
| CVE-2022-22323(opens NVD record) | Medium | 6.5 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. | Apr 27, 2022 |
| CVE-2022-22312(opens NVD record) | Medium | 6.5 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. | Apr 27, 2022 |
| CVE-2021-36949(opens NVD record) | High | 7.1 | Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | Aug 12, 2021 |
2 CVEs · 2 product families