PT-2018-18462 · Microsoft · Outlook Web Access+1

Max Smith

Published

2018-05-08

Updated

2020-08-24

CVE-2018-8153

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)

Description A spoofing issue exists when Outlook Web Access (OWA) fails to properly handle web requests. This could allow an attacker to perform script or content injection attacks and trick users into disclosing sensitive information. An attacker could also redirect users to a malicious website that could spoof content or be used to chain an attack with other vulnerabilities in web services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

CVE-2018-8153

Affected Products

Exchange Server

Outlook Web Access

PT-2018-18462 · Microsoft · Outlook Web Access+1

CVE-2018-8153

Weakness Enumeration

Related Identifiers

Affected Products

References · 5