Vulnerability Description
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2013 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99449Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038852Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560PatchVendor Advisory
- http://www.securityfocus.com/bid/99449Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038852Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560PatchVendor Advisory
FAQ
What is CVE-2017-8560?
CVE-2017-8560 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outloo...
How severe is CVE-2017-8560?
CVE-2017-8560 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8560?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.