Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Exchange_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-09-21 | CVE-2018-16793 | Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. | Exchange_server | 8.6 | ||
| 2017-07-11 | CVE-2017-8621 | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | Exchange_server | 6.1 | ||
| 2017-07-11 | CVE-2017-8560 | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | Exchange_server | 6.1 | ||
| 2017-07-11 | CVE-2017-8559 | Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | Exchange_server | 6.1 | ||
| 2017-12-12 | CVE-2017-11932 | Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | Exchange_server | 8.1 | ||
| 2017-09-12 | CVE-2017-11761 | Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability" | Exchange_server | 5.3 | ||
| 2017-03-16 | CVE-2017-0110 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." | Exchange_server | 6.1 | ||
| 2016-09-14 | CVE-2016-3379 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability." | Exchange_server | 6.1 | ||
| 2016-09-14 | CVE-2016-3378 | Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability." | Exchange_server | 7.4 | ||
| 2016-09-14 | CVE-2016-0138 | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability." | Exchange_server | 4.3 |