8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
70.5%
12/12/2017
Critical
Improper web requests handling was found in Microsoft Exchange Server at Outlook Web Access. By exploiting this vulnerability malicious users can spoof user interface. This vulnerability can be exploited remotely via a specially designed email with malicious link.
Microsoft Exchange Server 2013 Cumulative Update 17
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
SUI
CVE-2017-119325.8High
support.microsoft.com/kb/4045655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11932
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170023
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11932
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Exchange-Server/
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
70.5%