CVE-2014-6331

{"id": "CVE-2014-6331", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-11T22:55:05.153", "references": [{"url": "http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/70938", "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1031195", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-077", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka \"Active Directory Federation Services Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, y 3.0, cuando a un SAML Relying Party configurado le falta un cierre de sesi\u00f3n del endpoint, no procesa debidamente las acciones logoff, lo que facilita a atacantes remotos obtener acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida, tambi\u00e9n conocido como 'vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Active Directory Federation Services'"}], "lastModified": "2018-10-12T22:07:34.770", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "443F8670-CC7C-45B9-AF84-E4EEC5772E46"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:x64:*:*", "vulnerable": false, "matchCriteriaId": "DE7B69C3-F9F6-4C3D-B237-A3D9CCB1DCFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6254D595-C818-4C2E-956F-3A1B12C812EF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2008:*:sp2:*:*:*:*:x64:*", "vulnerable": false, "matchCriteriaId": "E19DC8D9-0CBD-43A8-B5D0-DF94D5071EC7"}, {"criteria": "cpe:2.3:o:microsoft:windows_2008:*:sp2:*:*:*:*:x86:*", "vulnerable": false, "matchCriteriaId": "4046193A-FC25-47E4-ACB9-500906642B4B"}, {"criteria": "cpe:2.3:o:microsoft:windows_2008:r2:sp2:*:*:*:*:x64:*", "vulnerable": false, "matchCriteriaId": "40116921-17F0-457E-BBC2-13672CBA9465"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:active_directory_federation_services:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F3E7662-38ED-44C6-A6BB-85CB53003B1D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:x64:*:*", "vulnerable": false, "matchCriteriaId": "D29A1464-D228-4E0D-8FEA-06B9CBCA7F74"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secure@microsoft.com"}