CVE-2018-8152

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Published: May 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8152
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2016-cumulative_update_8	2016-cumulative_update_8.x
microsoft / exchange_server	2016-cumulative_update_9	2016-cumulative_update_9.x

http://www.securityfocus.com/bid/104043
http://www.securitytracker.com/id/1040850
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152

Vulnerability Database

290,206

CVE-2018-8152