CVE-2014-6331
published 2014-11-11

Priority: P4 33
Severity: medium
CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 20.32% (97.2th percentile)
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Affected

3 ranges

Vendor | Product | Version range | Fixed in
microsoft | active_directory_federation_services | |
microsoft | active_directory_federation_services | |
microsoft | active_directory_federation_services | |