PT-2017-18411 · Microsoft · Exchange Outlook Web Access +1
Ashar Javed +1
Published: 2017-07-11 · Updated: 2017-07-14
CVE-2017-8560
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Exchange Server versions 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5
Description
The issue arises from the way Microsoft Exchange Outlook Web Access (OWA) handles web requests, allowing an elevation of privilege. This could lead to script or content injection attacks, where an attacker might trick a user into disclosing sensitive information by clicking a maliciously crafted link.
Recommendations
For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 CU16, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Exchange Server
Exchange Outlook Web Access