Exchange Server@2016 Security Vulnerabilities and Issues — Exchange Server@2016 CVE List

Lucene search

MicrosoftExchange Server2016

7 matches found

CVE•added 2016/01/13 5:59 a.m.•101 views

CVE-2016-0030

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS

CVE•added 2016/01/13 5:59 a.m.•100 views

CVE-2016-0032

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."

6.1CVSS5.9AI score0.01465EPSS

CVE•added 2016/01/13 5:59 a.m.•95 views

CVE-2016-0031

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.

6.1CVSS5.8AI score0.01465EPSS

CVE•added 2016/01/13 5:59 a.m.•94 views

CVE-2016-0029

6.1CVSS5.8AI score0.01465EPSS

CVE•added 2016/09/14 10:59 a.m.•83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.15244EPSS

CVE•added 2016/09/14 10:59 a.m.•74 views

CVE-2016-3378

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Micro...

7.4CVSS7AI score0.02934EPSS

CVE•added 2016/09/14 10:59 a.m.•57 views

CVE-2016-3379

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."

6.1CVSS6.2AI score0.0716EPSS