CVE-2018-8159

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Published: May 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8159
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2016-cumulative_update_8	2016-cumulative_update_8.x
microsoft / exchange_server	2013-cumulative_update_19	2013-cumulative_update_19.x
microsoft / exchange_server	2016-cumulative_update_9	2016-cumulative_update_9.x
microsoft / exchange_server	2013-cumulative_update_20	2013-cumulative_update_20.x

http://www.securityfocus.com/bid/104056
http://www.securitytracker.com/id/1040850
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8159

Vulnerability Database

290,206

CVE-2018-8159