CVE-2017-11761 — MEDIUM (5.3)

Vulnerability Description

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

CVSS Score

5.3

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Microsoft	Exchange Server	2013

Related Weaknesses (CWE)

CWE-200

References

http://www.securityfocus.com/bid/100731Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039320Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1176PatchVendor Advisory
http://www.securityfocus.com/bid/100731Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1039320Third Party AdvisoryVDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-1176PatchVendor Advisory

FAQ

What is CVE-2017-11761?

CVE-2017-11761 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Mic...

How severe is CVE-2017-11761?

CVE-2017-11761 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11761?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.