CVE-2017-11761

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

Published: Sep 13, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-11761
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2013-cumulative_update_17	2013-cumulative_update_17.x
microsoft / exchange_server	2016-cumulative_update_6	2016-cumulative_update_6.x
microsoft / exchange_server	2013-sp1	2013-sp1.x
microsoft / exchange_server	2013-cumulative_update_16	2013-cumulative_update_16.x
microsoft / exchange_server	2016-cumulative_update_5	2016-cumulative_update_5.x

http://www.securityfocus.com/bid/100731
http://www.securitytracker.com/id/1039320
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761

Vulnerability Database

289,784

CVE-2017-11761