CVE-2017-8621

EPSS 0.85%
Veröffentlicht 11.07.2017 21:29:02
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2010 Updatesp3

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_16

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.85%	0.741

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

http://www.securitytracker.com/id/1038852

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/99533

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-8621

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-8621

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-8621

EUVD