Microsoft

Exchange Server

223 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-1771

  • EPSS 2.01%
  • Veröffentlicht 10.06.2015 01:59:37
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vu...

4.3

CVE-2015-1764

  • EPSS 8.11%
  • Veröffentlicht 10.06.2015 01:59:33
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF...

5

CVE-2015-1631

  • EPSS 8.6%
  • Veröffentlicht 11.03.2015 10:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."

4.3

CVE-2015-1632

  • EPSS 6.64%
  • Veröffentlicht 11.03.2015 10:59:34
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError ...

4.3

CVE-2015-1630

  • EPSS 6.94%
  • Veröffentlicht 11.03.2015 10:59:33
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting V...

4.3

CVE-2015-1629

  • EPSS 6.94%
  • Veröffentlicht 11.03.2015 10:59:32
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vu...

4.3

CVE-2015-1628

  • EPSS 6.94%
  • Veröffentlicht 11.03.2015 10:59:31
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.Us...

3.5

CVE-2014-6336

  • EPSS 3.8%
  • Veröffentlicht 11.12.2014 00:59:07
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unsp...

4.3

CVE-2014-6326

  • EPSS 5.13%
  • Veröffentlicht 11.12.2014 00:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2...

4.3

CVE-2014-6325

  • EPSS 5.13%
  • Veröffentlicht 11.12.2014 00:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2...