6.5

CVE-2018-0940

EPSS 18.36%
Veröffentlicht 14.03.2018 17:29:03
Zuletzt bearbeitet 21.11.2024 03:39:15
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2010 Updatesp3_rollup20

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_18

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_19

Microsoft ≫ Exchange Server Version2013 Updatesp1

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_7

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	18.36%	0.95

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.securitytracker.com/id/1040521

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/103323

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-0940

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-0940

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-0940

EUVD