History: Apr 14, 2015 - 8:59 p.m.

CVE-2015-1638

2015-04-14 20:59:02
CWE-264
web.nvd.nist.gov
cve-2015-1638
microsoft
active directory federation services
ad fs 3.0
windows server
vulnerability
information disclosure

CVSS2: 5.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.01 Low (Percentile: 83.8%)

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka “Active Directory Federation Services Information Disclosure Vulnerability.”

Affected configurations

NVD
Node
microsoft windows_server_2012 Match r2 datacenter
OR
microsoft windows_server_2012 Match r2 essentials
OR
microsoft windows_server_2012 Match r2 standard
