Vulnerability Description
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2010 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103320Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040521Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0924PatchVendor Advisory
- http://www.securityfocus.com/bid/103320Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040521Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0924PatchVendor Advisory
FAQ
What is CVE-2018-0924?
CVE-2018-0924 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013...
How severe is CVE-2018-0924?
CVE-2018-0924 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0924?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.