CVE-2014-6331
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, y 3.0, cuando a un SAML Relying Party configurado le falta un cierre de sesión del endpoint, no procesa debidamente las acciones logoff, lo que facilita a atacantes remotos obtener acceso mediante el aprovechamiento de una estación de trabajo desatendida, también conocido como 'vulnerabilidad de divulgación de información de Microsoft Active Directory Federation Services'
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-09-11 CVE Reserved
- 2014-11-11 CVE Published
- 2023-04-26 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/70938 | Vdb Entry | |
| http://www.securitytracker.com/id/1031195 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Active Directory Federation Services Search vendor "Microsoft" for product "Active Directory Federation Services" | 2.1 Search vendor "Microsoft" for product "Active Directory Federation Services" and version "2.1" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | * | x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Active Directory Federation Services Search vendor "Microsoft" for product "Active Directory Federation Services" | 2.0 Search vendor "Microsoft" for product "Active Directory Federation Services" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2008 Search vendor "Microsoft" for product "Windows 2008" | * | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Active Directory Federation Services Search vendor "Microsoft" for product "Active Directory Federation Services" | 2.0 Search vendor "Microsoft" for product "Active Directory Federation Services" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2008 Search vendor "Microsoft" for product "Windows 2008" | * | sp2, x86 |
Safe
|
| Microsoft Search vendor "Microsoft" | Active Directory Federation Services Search vendor "Microsoft" for product "Active Directory Federation Services" | 2.0 Search vendor "Microsoft" for product "Active Directory Federation Services" and version "2.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2008 Search vendor "Microsoft" for product "Windows 2008" | r2 Search vendor "Microsoft" for product "Windows 2008" and version "r2" | sp2, x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Active Directory Federation Services Search vendor "Microsoft" for product "Active Directory Federation Services" | 3.0 Search vendor "Microsoft" for product "Active Directory Federation Services" and version "3.0" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | x64 |
Safe
|