Elevation of Privilege Vulnerability in Microsoft Exchange Server Products
CVE-2017-8559

6.1MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft Exchange Server 2010 Sp3, Exchange Server 2013 Sp3, Exchange Server 2013 Cu16, And Exchange Server 2016 Cu5.
Vendor
CVE Published:
11 July 2017

Summary

Microsoft Exchange Server products are vulnerable to an elevation of privilege due to improper handling of web requests in Exchange Outlook Web Access (OWA). This flaw could allow an attacker to execute a script in the context of a user, potentially compromising sensitive data and facilitating unauthorized actions through web interfaces.

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5. Microsoft Exchange

References

http://www.securityfocus.com/bid/99448
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038852
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.