CVE-2015-1638: Sensitive Information Exposure in Microsoft Windows Server 2012

CWE-264 | 4 documents | 3 sources

Severity: 5.8 MEDIUM (NVD)
EPSS: 22.7% (top 4.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14; Latest update May 14

Description

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:P/I:P/A:N

Exploitability: 8.6 | Impact: 4.9

Affected Packages: 1 package

🔴 Vulnerability Details (1)

GHSA: GHSA-r4hh-qx8q-mghc: Microsoft Active Directory Federation Services (AD FS) 3 (2022-05-14)

🕵️ Threat Intelligence (2)

Talos: Microsoft Patch Tuesday for April 2015: 11 Bulletins Released (2015-04-14)
Talos: Microsoft Patch Tuesday for April 2015: 11 Bulletins Released (2015-04-14)