Lucene search

[email protected]CVE-2014-6336

HistoryDec 11, 2014 - 12:59 a.m.

CVE-2014-6336

2014-12-1100:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2014-6336

outlook web app

owa

microsoft exchange server

validation vulnerability

url redirection

nvd

6.7 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.0%

JSON

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka “Exchange URL Redirection Vulnerability.”

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2013

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2013

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-075

6.7 Medium

AI Score

Confidence

Low

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2014-6336

prion1 mskb1 checkpoint_advisories1 symantec1 nessus1 kaspersky1 openvas1