CVE-2017-8621

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2010 Sp3, Exchange Server 2013 Sp3, Exchange Server 2013 Cu16, And Exchange Server 2016 Cu5.
Vendor: CVE Published:; 11 July 2017

Summary

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5. Microsoft Exchange

References

https://portal.msrc.microsoft.com/en-us/security-guidance...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1038852

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/99533

vdb-entryx_refsource_BID

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 11, 2017
Vulnerability Reserved
May 3, 2017

Collectors

NVD DatabaseMitre Database