Exchange Server@2016 Security Vulnerabilities and Issues — Page 3 of Exchange Server@2016 CVE List

Lucene search

MicrosoftExchange Server2016

135 matches found

CVE•added 2016/01/13 5:59 a.m.•101 views

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS

CVE•added 2016/01/13 5:59 a.m.•100 views

CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS

CVE•added 2018/05/09 7:29 p.m.•100 views

CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

10CVSS6.9AI score0.18036EPSS

CVE•added 2019/07/29 2:14 p.m.•99 views

CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

5.4CVSS5AI score0.00799EPSS

CVE•added 2020/11/11 7:15 a.m.•98 views

CVE-2020-17085

Microsoft Exchange Server Denial of Service Vulnerability

6.2CVSS6.5AI score0.04239EPSS

CVE•added 2018/10/10 1:29 p.m.•97 views

CVE-2018-8265

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

9.3CVSS7.8AI score0.18296EPSS

CVE•added 2019/01/08 9:29 p.m.•96 views

CVE-2019-0586

10CVSS9.4AI score0.20842EPSS

CVE•added 2016/01/13 5:59 a.m.•95 views

CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

6.1CVSS5.8AI score0.01465EPSS

CVE•added 2022/08/09 8:15 p.m.•95 views

CVE-2022-34692

Microsoft Exchange Server Information Disclosure Vulnerability

5.3CVSS6.4AI score0.01948EPSS

CVE•added 2016/01/13 5:59 a.m.•94 views

CVE-2016-0029

6.1CVSS5.8AI score0.01465EPSS

CVE•added 2018/03/14 5:29 p.m.•89 views

CVE-2018-0941

Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924.

5.5CVSS5.5AI score0.25846EPSS

CVE•added 2018/10/10 1:29 p.m.•89 views

CVE-2018-8448

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS6.1AI score0.00555EPSS

CVE•added 2018/08/15 5:29 p.m.•87 views

CVE-2018-8302

10CVSS9.4AI score0.1694EPSS

CVE•added 2018/03/14 5:29 p.m.•85 views

CVE-2018-0940

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumu...

6.5CVSS6.5AI score0.1153EPSS

CVE•added 2016/09/14 10:59 a.m.•83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.16066EPSS

CVE•added 2017/07/11 9:29 p.m.•83 views

CVE-2017-8560

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability...

6.1CVSS5.9AI score0.0079EPSS

CVE•added 2018/03/14 5:29 p.m.•82 views

CVE-2018-0924

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server ...

6.5CVSS5.5AI score0.25846EPSS

CVE•added 2019/01/08 9:29 p.m.•80 views

CVE-2019-0588

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

6.5CVSS7AI score0.03687EPSS

CVE•added 2017/05/26 8:29 p.m.•78 views

CVE-2017-8537

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Excha...

5.5CVSS5.1AI score0.1918EPSS

CVE•added 2017/07/11 9:29 p.m.•76 views

CVE-2017-8621

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

6.1CVSS6AI score0.00915EPSS

CVE•added 2018/12/12 12:29 a.m.•76 views

CVE-2018-8604

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS4.2AI score0.03652EPSS

CVE•added 2016/09/14 10:59 a.m.•74 views

CVE-2016-3378

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Micro...

7.4CVSS7AI score0.02934EPSS

CVE•added 2018/05/09 7:29 p.m.•72 views

CVE-2018-8151

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

4.3CVSS6.1AI score0.18036EPSS

CVE•added 2017/09/13 1:29 a.m.•71 views

CVE-2017-8758

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."

6.1CVSS5.9AI score0.0079EPSS

CVE•added 2023/09/12 5:15 p.m.•68 views

CVE-2023-36777

Microsoft Exchange Server Information Disclosure Vulnerability

5.7CVSS5.5AI score0.02252EPSS

CVE•added 2018/05/09 7:29 p.m.•63 views

CVE-2018-8159

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00997EPSS

CVE•added 2017/12/12 9:29 p.m.•62 views

CVE-2017-11932

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

8.1CVSS7.7AI score0.11456EPSS

CVE•added 2018/05/09 7:29 p.m.•61 views

CVE-2018-8152

5.8CVSS7AI score0.00997EPSS

CVE•added 2017/09/13 1:29 a.m.•59 views

CVE-2017-11761

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

5.3CVSS5.3AI score0.07988EPSS

CVE•added 2017/07/11 9:29 p.m.•58 views

CVE-2017-8559

6.1CVSS5.9AI score0.0079EPSS

CVE•added 2018/08/15 5:29 p.m.•58 views

CVE-2018-8374

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS6.5AI score0.00841EPSS

CVE•added 2016/09/14 10:59 a.m.•57 views

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

6.1CVSS6.2AI score0.0716EPSS

CVE•added 2018/05/09 7:29 p.m.•56 views

CVE-2018-8153

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00611EPSS

CVE•added 2017/05/26 8:29 p.m.•53 views

CVE-2017-8535

5.5CVSS5.1AI score0.1918EPSS

CVE•added 2017/05/26 8:29 p.m.•53 views

CVE-2017-8536

5.5CVSS5.1AI score0.1918EPSS

Total number of security vulnerabilities135