5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.01 Low
EPSS
Percentile
83.8%
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka “Active Directory Federation Services Information Disclosure Vulnerability.”
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:windows_server_2012 | microsoft windows server 2012 | eq | r2 |