CVE-2017-8560 Information

Description

Microsoft Exchange Server 2010 SP3 Exchange Server 2013 SP3 Exchange Server 2013 CU16 and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests aka \Microsoft Exchange Cross-Site Scripting Vulnerability. This CVE ID is unique from CVE-2017-8559.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/99449 http://www.securitytracker.com/id/1038852 https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1