CVE-2015-1638

Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."

Published: Apr 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1638
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
microsoft / windows_server_2012	r2	r2.x

http://www.securitytracker.com/id/1032115
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-040

Vulnerability Database

289,697

CVE-2015-1638