PT-2017-18441 · Microsoft · Exchange Server
Published
2017-07-11
·
Updated
2017-07-17
·
CVE-2017-8621
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Exchange Server versions 2010 SP3 through 2016 CU5
Description
An open redirect issue exists that could lead to spoofing. An attacker could exploit this by sending a specially crafted URL link, convincing an authenticated user to click it, and then redirecting the user's browser session to a malicious site impersonating a legitimate website. This could potentially allow the attacker to acquire sensitive information, such as the user's credentials.
Recommendations
For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2013 SP3 and CU16, update to a version that includes the fix for this issue.
For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exchange Server