CVE-2017-8559

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.

Published: Jul 11, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-8559
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2013-sp1	2013-sp1.x
microsoft / exchange_server	2013-cumulative_update_16	2013-cumulative_update_16.x
microsoft / exchange_server	2016-cumulative_update_5	2016-cumulative_update_5.x

http://www.securityfocus.com/bid/99448
http://www.securitytracker.com/id/1038852
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559

Vulnerability Database

289,784

CVE-2017-8559