Vulnerability Description
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Exchange Server | 2010 |
References
- http://www.securityfocus.com/bid/103323Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040521Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940PatchVendor Advisory
- http://www.securityfocus.com/bid/103323Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040521Third Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940PatchVendor Advisory
FAQ
What is CVE-2018-0940?
CVE-2018-0940 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumul...
How severe is CVE-2018-0940?
CVE-2018-0940 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0940?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Exchange Server.