Lucene search

[email protected]CVE-2015-1771

HistoryJun 10, 2015 - 1:59 a.m.

CVE-2015-1771

2015-06-1001:59:00

CWE-352

[email protected]

web.nvd.nist.gov

microsoft exchange

csrf

vulnerability

nvd

security

web applications

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.1%

JSON

Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka “Exchange Cross-Site Request Forgery Vulnerability.”

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2013

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2013

References

www.securityfocus.com/bid/75011

www.securitytracker.com/id/1032528

docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-064

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2015-1771

symantec1 cvelist1 prion1 nessus1 kaspersky1 openvas1 securityvulns1