CVE-2018-8448

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Published: Oct 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-8448
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2013-cumulative_update_21	2013-cumulative_update_21.x
microsoft / exchange_server	2016-cumulative_update_10	2016-cumulative_update_10.x

http://www.securityfocus.com/bid/105492
http://www.securitytracker.com/id/1041836
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448

Vulnerability Database

289,784

CVE-2018-8448