Vulnerability Details: CVE-2017-8560
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 contain an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
Vulnerability category: Cross site scripting (XSS), Gain privilege
Products affected by CVE-2017-8560
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8560
- 0.29%: Probability of exploitation activity in the next 30 days
- ~64%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8560
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST | |
CWE ids for CVE-2017-8560
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8560
- http://www.securityfocus.com/bid/99449
  Microsoft Exchange Server CVE-2017-8560 Remote Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560
  CVE-2017-8560 | Microsoft Exchange Server Elevation of Privilege Vulnerability (Vendor Advisory; Patch)
- http://www.securitytracker.com/id/1038852
  Microsoft Exchange Input Validation Flaws Let Remote Users Conduct Open Redirect and Cross-Site Scripting Attacks - SecurityTracker (Third Party Advisory; VDB Entry)