PT-2017-18411 · Microsoft · Exchange Outlook Web Access+1
Ashar Javed
+1
·
Published
2017-07-11
·
Updated
2017-07-14
·
CVE-2017-8560
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Exchange Server versions 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5
Description
The issue arises from the way Microsoft Exchange Outlook Web Access (OWA) handles web requests, allowing an elevation of privilege. This could lead to script or content injection attacks, where an attacker might trick a user into disclosing sensitive information by clicking a maliciously crafted link.
Recommendations
For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 CU16, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exchange Server
Exchange Outlook Web Access