mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
102 lines
3.4 KiB
JSON
102 lines
3.4 KiB
JSON
{
|
|
"id": "CVE-2015-1638",
|
|
"sourceIdentifier": "secure@microsoft.com",
|
|
"published": "2015-04-14T20:59:02.310",
|
|
"lastModified": "2024-11-21T02:25:50.140",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka \"Active Directory Federation Services Information Disclosure Vulnerability.\""
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Microsoft Active Directory Federation Services (AD FS) 3.0 en Windows Server 2012 R2 no maneja correctamente las acciones de cierre de sesi\u00f3n, lo que permite a atacantes remotos evadir las restricciones de acceso mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida, tambi\u00e9n conocido como 'vulnerabilidad de la divulgaci\u00f3n de informaci\u00f3n de Active Directory Federation Services.'"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
|
|
"baseScore": 5.8,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 4.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-264"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:datacenter:*:*:*",
|
|
"matchCriteriaId": "32BCD530-F6E2-4F9B-AD4C-7DF2BED00296"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:essentials:*:*:*",
|
|
"matchCriteriaId": "A1318333-EF3A-4DBA-8DD7-367BF843F70D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:standard:*:*:*",
|
|
"matchCriteriaId": "74B5E7C1-6C1D-4605-91CF-AF105EFA678D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1032115",
|
|
"source": "secure@microsoft.com"
|
|
},
|
|
{
|
|
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040",
|
|
"source": "secure@microsoft.com"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1032115",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |