CVE-2014-6336

EPSS 3.8%
Published 11.12.2014 00:59:07
Last modified 12.04.2025 10:46:40
Source secure@microsoft.com
Teams watchlist Login
Open Login

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_6

Microsoft ≫ Exchange Server Version2013 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.8%	0.87

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075

https://nvd.nist.gov/vuln/detail/CVE-2014-6336

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6336

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6336

EUVD