Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.

Published

2018-03-14T17:29:03.073

Last Modified

2024-11-21T03:39:14.153

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-601
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application microsoft exchange_server 2010 Yes
Application microsoft exchange_server 2013 Yes
Application microsoft exchange_server 2013 Yes
Application microsoft exchange_server 2013 Yes
Application microsoft exchange_server 2016 Yes
Application microsoft exchange_server 2016 Yes
References