CVE-2013-3185

Description

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka AD FS Information Disclosure Vulnerability.

Risk Information

Base Score: 8.2 (MODERATE)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
EPSS Score (Exploitation Probability): 26.526

Associated Vulnerability

Vulnerability | OS Platform
Security Update for Windows Server 2008 (KB2868846) | Windows
Security Update for Windows Server 2008 x64 Edition (KB2868846) | Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2868846) | Windows
Security Update for Windows Server 2012 (KB2843639) x64 based systems | Windows
Security Update for Windows Server 2012 (KB2843638) x64 based systems | Windows
Security Update for Windows Server 2008 (KB2843638) | Windows
Security Update for Windows Server 2008 x64 Edition (KB2843638) | Windows
Security Update for Windows Server 2008 R2 x64 Edition (KB2843638) | Windows

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
PATCH-14187 | Security Update for Windows Server 2008 (KB2868846)
PATCH-14188 | Security Update for Windows Server 2008 x64 Edition (KB2868846)
PATCH-14189 | Security Update for Windows Server 2008 R2 x64 Edition (KB2868846)
PATCH-14190 | Security Update for Windows Server 2012 (KB2843639)
PATCH-14193 | Security Update for Windows Server 2012 (KB2843639)
PATCH-14194 | Security Update for Windows Server 2008 (KB2843638)
PATCH-14195 | Security Update for Windows Server 2008 x64 Edition (KB2843638)
PATCH-14196 | Security Update for Windows Server 2008 R2 x64 Edition (KB2843638)
