Elevation of Privilege Vulnerability in Microsoft Exchange Outlook Web Access
CVE-2018-0940

6.5 MEDIUM

Key Information:

Vendor: Microsoft
CVE Published: 14 March 2018

Summary

Microsoft Exchange Outlook Web Access (OWA) is susceptible to an elevation of privilege vulnerability due to inadequate handling of links in email messages. This issue arises from the improper rewriting of links within the body of email messages, potentially allowing attackers to elevate their privileges within the software. A successful exploit could lead to unauthorized access to sensitive information and user accounts within the affected Microsoft Exchange Server environment.

Affected Version(s)

Microsoft Exchange Outlook Web Access (OWA):

  • Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20
  • Microsoft Exchange Server 2013 Cumulative Update 18
  • Microsoft Exchange Server 2013 Cumulative Update 19
  • Microsoft Exchange Server 2013 Service Pack 1
  • Microsoft Exchange Server 2016 Cumulative Update 7
  • Microsoft Exchange Server 2016 Cumulative Update 8

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
