Lucene search

[email protected]CVE-2018-16793

HistorySep 21, 2018 - 4:29 p.m.

CVE-2018-16793

2018-09-2116:29:00

CWE-918

[email protected]

web.nvd.nist.gov

cve-2018-16793

ssrf

microsoft exchange server

owa

outlook web access

security vulnerability

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

CPENameOperatorVersion
microsoft:exchange_servermicrosoft exchange servereq2010

CPE	Name	Operator	Version
microsoft:exchange_server	microsoft exchange server	eq	2010

References

packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html

seclists.org/fulldisclosure/2018/Sep/20

www.securityfocus.com/bid/105386

seclists.org/bugtraq/2018/Sep/38

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

7.4 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2018-16793

cvelist1 prion1