6.5
CVE-2018-0924
- EPSS 21.38%
- Veröffentlicht 14.03.2018 17:29:03
- Zuletzt bearbeitet 21.11.2024 03:39:14
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginMicrosoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2010 Updatesp3_rollup20
Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_18
Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_19
Microsoft ≫ Exchange Server Version2013 Updatesp1
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_7
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 21.38% | 0.955 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.