Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-6331

Опубликовано: 11 нояб. 2014
Источник: nvd
CVSS2: 5
EPSS Средний

Описание

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:x64:*:*
Конфигурация 2

Одновременно

cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows_2008:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_2008:*:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_2008:r2:sp2:*:*:*:*:x64:*
Конфигурация 3

Одновременно

cpe:2.3:a:microsoft:active_directory_federation_services:3.0:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*

EPSS

Процентиль: 97%
0.33598
Средний

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

github логотип

GHSA-4qc7-rj5q-mg48

github
больше 3 лет назад

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

EPSS

Процентиль: 97%
0.33598
Средний

5 Medium

CVSS2

Дефекты

CWE-264