
CVE-2014-6331

 

  • Severity Score: 5.0 (CVSS v2)
  • Exploit Likelihood: (EPSS)
  • Affected Versions: (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)
Descriptions

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: None
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2014-09-11 CVE Reserved
  • 2014-11-11 CVE Published
  • 2023-04-26 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Microsoft | Active Directory Federation Services | 2.1 | - | Affected
  in Microsoft | Windows Server 2012 | * | x64 | Safe
Microsoft | Active Directory Federation Services | 2.0 | - | Affected
  in Microsoft | Windows 2008 | * | sp2, x64 | Safe
Microsoft | Active Directory Federation Services | 2.0 | - | Affected
  in Microsoft | Windows 2008 | * | sp2, x86 | Safe
Microsoft | Active Directory Federation Services | 2.0 | - | Affected
  in Microsoft | Windows 2008 | r2 | sp2, x64 | Safe
Microsoft | Active Directory Federation Services | 3.0 | - | Affected
  in Microsoft | Windows Server 2012 | r2 | x64 | Safe