CVE-2017-8560

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2010 Sp3, Exchange Server 2013 Sp3, Exchange Server 2013 Cu16, And Exchange Server 2016 Cu5.
Vendor: CVE Published:; 11 July 2017

Summary

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5. Microsoft Exchange

References

https://portal.msrc.microsoft.com/en-us/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/99449

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1038852

vdb-entryx_refsource_SECTRACK

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database

.