Kaspersky LabKLA10612KLA10612 Information disclosure vulnerability in Microsoft AD Federation Services
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
74.2%
An unspecified vulnerability was found in Microsoft AD Federation Services. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via unattended workstation manipulations.
Original advisories
Related products
CVE list
CVE-2014-6331 critical
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Affected Products
- Microsoft Active Directory Federation Services 2.0, 2.1 and 3.0
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
74.2%