CVE-2013-3185
Published on: 08/14/2013 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:28:31 PM UTC
Certain versions of Active Directory Federation Services from Microsoft contain the following vulnerability:
Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."
- CVE-2013-3185 has been assigned by
[email protected] to track the vulnerability
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Microsoft Updates for Multiple Vulnerabilities | US-CERT | Third Party Advisory US Government Resource www.us-cert.gov text/html |
![]() |
Repository / Oval Repository | oval.cisecurity.org text/html |
![]() |
Microsoft Security Bulletin MS13-066 - Important | Microsoft Docs | docs.microsoft.com text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Microsoft | Active Directory Federation Services | 2.0 | All | All | All |
Application | Microsoft | Active Directory Federation Services | 2.1 | All | All | All |
Application | Microsoft | Active Directory Federation Services | 2.0 | All | All | All |
Application | Microsoft | Active Directory Federation Services | 2.1 | All | All | All |
Operating System | Microsoft | Windows Server 2008 | All | sp2 | x64 | All |
Operating System | Microsoft | Windows Server 2008 | All | sp2 | x86 | All |
Operating System | Microsoft | Windows Server 2008 | All | sp2 | x64 | All |
Operating System | Microsoft | Windows Server 2008 | All | sp2 | x86 | All |
Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
- cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:active_directory_federation_services:2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:microsoft:active_directory_federation_services:2.1:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*:
- cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE