Soaj1664Ashar

**Name of the Vulnerable Software and Affected Versions** Microsoft Exchange Server versions 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5 **Description** The issue arises from the way Microsoft Exchange Outlook Web Access (OWA) handles web requests, allowing an elevation of privilege. This could lead to script or content injection attacks, where an attacker might trick a user into disclosing sensitive information by clicking a maliciously crafted link. **Recommendations** For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2013 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2013 CU16, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft SharePoint (affected versions not specified) **Description** An elevation of privilege issue exists due to Microsoft SharePoint software's failure to properly sanitize specially crafted requests. This issue is related to a cross-site scripting (XSS) vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Excel Services on Microsoft SharePoint Server 2010 versions SP1 through SP2 Microsoft Excel Web Apps 2010 version SP2 Microsoft Office Web Apps 2010 version SP2 Microsoft Office Web Apps Server 2013 version SP1 Office Online Server (affected versions not specified) **Description** The issue allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request. **Recommendations** For Microsoft Excel Services on Microsoft SharePoint Server 2010 versions SP1 through SP2, update to a version that includes the fix for this issue. For Microsoft Excel Web Apps 2010 version SP2, update to a version that includes the fix for this issue. For Microsoft Office Web Apps 2010 version SP2, update to a version that includes the fix for this issue. For Microsoft Office Web Apps Server 2013 version SP1, update to a version that includes the fix for this issue. For Office Online Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.