CVE-2010-2091

Name of the Vulnerable Software and Affected Versions Microsoft Outlook Web Access (OWA) version 8.2.254.0

Description The issue is related to the handling of the id parameter in a Folder IPF.Note action to the default URI. This might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. The estimated number of potentially affected devices worldwide is not available.

Recommendations For Microsoft Outlook Web Access (OWA) version 8.2.254.0, consider avoiding the use of the id parameter in the Folder IPF.Note action until a fix is available. As a temporary workaround, restrict access to the default URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.