Information Disclosure Vulnerability in Microsoft Active Directory Federation Services
CVE-2014-6331

Currently unrated

Key Information:

Vendor

Microsoft
Status
Active Directory Federation Services
Vendor
CVE Published:
11 November 2014

What is CVE-2014-6331?

In Microsoft Active Directory Federation Services (AD FS) versions 2.0, 2.1, and 3.0, an improper handling of logoff actions occurs when a configured SAML Relying Party lacks a proper sign-out endpoint. This oversight can potentially allow remote attackers to exploit unattended workstations to gain unauthorized access to sensitive information, heightening the risk of information disclosure. Addressing this vulnerability is essential to maintain the integrity of security protocols and protect user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://blogs.technet.com/b/srd/archive/2014/11/11/assessi...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1031195
vdb-entryx_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS

EPSS Score

33% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.