CVE-2018-16793 | SynScan

Vulnerability Database

289,689

Total vulnerabilities in the database

CVE-2018-16793

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

Published: Sep 21, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-16793
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.6
AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2010-sp3_rollup1	2010-sp3_rollup1.x
microsoft / exchange_server	2010-sp3_rollup2	2010-sp3_rollup2.x
microsoft / exchange_server	2010-sp3_rollup3	2010-sp3_rollup3.x
microsoft / exchange_server	2010-sp3_rollup4	2010-sp3_rollup4.x
microsoft / exchange_server	2010-sp3_rollup5	2010-sp3_rollup5.x
microsoft / exchange_server	2010-sp3_rollup6	2010-sp3_rollup6.x
microsoft / exchange_server	2010-sp3_rollup7	2010-sp3_rollup7.x
microsoft / exchange_server	2010-sp3_rollup8	2010-sp3_rollup8.x
microsoft / exchange_server	2010-sp3_rollup9	2010-sp3_rollup9.x
microsoft / exchange_server	2010-sp3_rollup10	2010-sp3_rollup10.x
microsoft / exchange_server	2010-sp3_rollup11	2010-sp3_rollup11.x
microsoft / exchange_server	2010-sp3_rollup12	2010-sp3_rollup12.x
microsoft / exchange_server	2010-sp3_rollup13	2010-sp3_rollup13.x
microsoft / exchange_server	2010-sp3_rollup14	2010-sp3_rollup14.x
microsoft / exchange_server	2010-sp3_rollup15	2010-sp3_rollup15.x
microsoft / exchange_server	2010-sp3_rollup16	2010-sp3_rollup16.x
microsoft / exchange_server	2010-sp3_rollup17	2010-sp3_rollup17.x
microsoft / exchange_server	2010-sp3_rollup18	2010-sp3_rollup18.x