Lucene search

K
nvd[email protected]NVD:CVE-2016-0028
HistoryJun 16, 2016 - 1:59 a.m.

CVE-2016-0028

2016-06-1601:59:03
CWE-200
web.nvd.nist.gov
10

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5

Confidence

High

EPSS

0.006

Percentile

78.1%

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka “Microsoft Exchange Information Disclosure Vulnerability.”

Affected configurations

Nvd
Node
microsoftexchange_serverMatch2013cumulative_update_11
OR
microsoftexchange_serverMatch2013cumulative_update_12
OR
microsoftexchange_serverMatch2013sp1
OR
microsoftexchange_serverMatch2016
OR
microsoftexchange_serverMatch2016cumulative_update_1
AND
microsoftoutlook_web_access
VendorProductVersionCPE
microsoftexchange_server2013cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:*
microsoftexchange_server2013cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*
microsoftexchange_server2013cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
microsoftexchange_server2016cpe:2.3:a:microsoft:exchange_server:2016:*:*:*:*:*:*:*
microsoftexchange_server2016cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*
microsoftoutlook_web_access*cpe:2.3:a:microsoft:outlook_web_access:*:*:*:*:*:*:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

5

Confidence

High

EPSS

0.006

Percentile

78.1%