Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2018-8159

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Published: May 9, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-8159
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2016-cumulative_update_8	2016-cumulative_update_8.x
microsoft / exchange_server	2013-cumulative_update_19	2013-cumulative_update_19.x
microsoft / exchange_server	2016-cumulative_update_9	2016-cumulative_update_9.x
microsoft / exchange_server	2013-cumulative_update_20	2013-cumulative_update_20.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo