← Back

CVE-2014-6331

nvd nist
Published: Nov 11, 2014Modified: May 6, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Affected (3)

Microsoft
1 product
Active Directory Federation Services
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Active Directory Federation Services
Version 2.1
Running on/withPlatform Versions
Microsoft
Windows Server 2012
All versions
Configuration B
1 vulnerable · 3 platform
Vulnerable SoftwareAffected Versions
Active Directory Federation Services
Version 2.0
Running on/withPlatform Versions
Microsoft
Windows 2008
All versions
Microsoft
Windows 2008
All versions
Microsoft
Windows 2008
Version r2 sp2
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Active Directory Federation Services
Version 3.0
Running on/withPlatform Versions
Microsoft
Windows Server 2012
Version r2

Related CWEs

CWE-264
CWE-264

References (8)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.