| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2017-8559 | Microsoft Exchange Cross-Site Scripting Vulnerability | Microsoft Exchange | Critical | 12-07-2017 |
Technical Information
Brief overview of the risk:
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
Detailed Information on the risk:
To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link.
Microsoft Exchange Server 2013 Cumulative Update 16Further information on this exploit is available at : CVE-2017-8559
Microsoft Exchange Server 2013 SP1
Microsoft Exchange Server 2016 Cumulative Update 5
Affected Software
Microsoft Exchange Server 2013 Cumulative Update 16Microsoft Exchange Server 2013 SP1
Microsoft Exchange Server 2016 Cumulative Update 5