Elevation of Privilege Vulnerability in Microsoft Exchange Server Products
CVE-2017-8559

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2010 Sp3, Exchange Server 2013 Sp3, Exchange Server 2013 Cu16, And Exchange Server 2016 Cu5.
Vendor: CVE Published:; 11 July 2017

🔔 Create Microsoft Vulnerability Alert

What is CVE-2017-8559?

Microsoft Exchange Server products are vulnerable to an elevation of privilege due to improper handling of web requests in Exchange Outlook Web Access (OWA). This flaw could allow an attacker to execute a script in the context of a user, potentially compromising sensitive data and facilitating unauthorized actions through web interfaces.

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5. Microsoft Exchange

References

http://www.securityfocus.com/bid/99448

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038852

vdb-entryx_refsource_SECTRACK

https://portal.msrc.microsoft.com/en-us/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2017
Vulnerability Reserved
May 3, 2017

.

CVE-2017-8559 : Elevation of Privilege Vulnerability in Microsoft Exchange Server Products