CVE-2016-3378

EPSS 3.12%
Veröffentlicht 14.09.2016 10:59:52
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_12

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_13

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.12%	0.863

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.8	4	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1036778

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108

http://www.securityfocus.com/bid/92833

https://nvd.nist.gov/vuln/detail/CVE-2016-3378

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-3378

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-3378

EUVD