PT-2019-1816 · Microsoft · Outlook Web Access+1

Cameron Vincent

Published

2019-04-09

Updated

2020-08-24

CVE-2019-0858

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)

Description A spoofing issue exists due to improper handling of web requests by Outlook Web Access (OWA) in Microsoft Exchange Server. This could allow a remote attacker to impact the confidentiality and integrity of protected information using a specially crafted link. The attacker could perform script or content injection attacks, trick the user into disclosing sensitive information, or redirect the user to a malicious website that could spoof content. The issue could also be used to chain an attack with other vulnerabilities in web services.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-79

Related Identifiers

BDU:2019-01468

CVE-2019-0858

Affected Products

Exchange Server

Outlook Web Access

PT-2019-1816 · Microsoft · Outlook Web Access+1

CVE-2019-0858

Weakness Enumeration

Related Identifiers

Affected Products

References · 5