PT-2018-2092 · Microsoft · Exchange Server

Adrian Ivascu · Published 2018-10-09 · Updated 2019-10-03 · CVE-2018-8448

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified)

Description: The issue is related to insufficient access restrictions in the Exchange Outlook Web Access (OWA) component of Microsoft Exchange Server. It can be exploited by a remote attacker who sends a specially crafted email with a malicious link to a user, potentially leading to the disclosure of protected information. The vulnerability can also be used to perform script or content injection attacks, attempting to trick the user into revealing sensitive information. This requires the user to click on a maliciously crafted link sent by the attacker.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-00043
CVE-2018-8448

Affected Products

Exchange Server