CVE-2017-8560

EPSS 0.79%
Veröffentlicht 11.07.2017 21:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_16

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.79%	0.731

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securitytracker.com/id/1038852

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99449

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8560

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8560

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8560

EUVD