CVE-2015-1638

Published: Apr 14, 2015Modified: May 6, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Affected (3)

Products: Microsoft: Windows Server 2012

1 product

Windows Server 2012

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2012	Version r2

Related CWEs

References (4)

http://www.securitytracker.com/id/1032115

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040

Source: secure@microsoft.com

http://www.securitytracker.com/id/1032115

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.