Open Redirect Vulnerability in Microsoft Exchange Servers
CVE-2017-8621

6.1 MEDIUM

Summary

Microsoft Exchange Server contains an open redirect flaw: it permits redirection to malicious websites without proper validation. An attacker could use this to facilitate phishing attacks through URL manipulation. Organizations using Microsoft Exchange Server 2010 SP3, 2013 SP3, 2013 CU16, or 2016 CU5 must implement the necessary patches and security measures to mitigate these potential threats.

Affected Version(s)

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
