Elevation of Privilege Vulnerability in Microsoft Exchange Server
CVE-2017-8560

6.1MEDIUM

Key Information:

Vendor
Microsoft
Status
Microsoft Exchange Server 2010 Sp3, Exchange Server 2013 Sp3, Exchange Server 2013 Cu16, And Exchange Server 2016 Cu5.
Vendor
CVE Published:
11 July 2017

Summary

A vulnerability exists in Microsoft Exchange Server's handling of web requests in Outlook Web Access (OWA), allowing attackers to elevate their privileges. This may lead to unauthorized actions within the affected Exchange environments. It is essential for organizations using the affected versions to apply security patches to mitigate potential risks associated with this issue.

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5. Microsoft Exchange

References

https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/99449
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1038852
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.