Exchange Server Security Vulnerabilities and Issues — Exchange Server CVE List

Lucene search

MicrosoftExchange Server

24 matches found

CVE•added 2008/10/21 1:18 a.m.•328 views

CVE-2008-1547

Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

4.3CVSS6.6AI score0.65006EPSS

CVE•added 2008/07/08 11:41 p.m.•107 views

CVE-2008-2248

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

4.3CVSS6.2AI score0.25123EPSS

CVE•added 2013/12/11 12:55 a.m.•87 views

CVE-2013-5072

Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."

4.3CVSS5AI score0.06639EPSS

CVE•added 2016/09/14 10:59 a.m.•83 views

CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging t...

4.3CVSS4.9AI score0.16066EPSS

CVE•added 2010/12/16 7:33 p.m.•82 views

CVE-2010-3937

Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."

4CVSS6.2AI score0.3821EPSS

CVE•added 2005/06/14 4:0 a.m.•81 views

CVE-2005-0563

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

4.3CVSS5.5AI score0.22959EPSS

CVE•added 2018/12/12 12:29 a.m.•76 views

CVE-2018-8604

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS4.2AI score0.03652EPSS

CVE•added 2018/05/09 7:29 p.m.•72 views

CVE-2018-8151

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

4.3CVSS6.1AI score0.18036EPSS

CVE•added 2015/06/10 1:59 a.m.•63 views

CVE-2015-2359

Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."

4.3CVSS5.9AI score0.14054EPSS

CVE•added 2015/06/10 1:59 a.m.•62 views

CVE-2015-1764

The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange Server-Side Request Forger...

4.3CVSS6.6AI score0.09472EPSS

CVE•added 2018/08/15 5:29 p.m.•58 views

CVE-2018-8374

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS6.5AI score0.00841EPSS

CVE•added 2008/07/08 11:41 p.m.•57 views

CVE-2008-2247

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

4.3CVSS6.2AI score0.25123EPSS

CVE•added 2015/03/11 10:59 a.m.•53 views

CVE-2015-1628

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cro...

4.3CVSS5.4AI score0.06935EPSS

CVE•added 2015/09/09 12:59 a.m.•53 views

CVE-2015-2543

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS

CVE•added 2014/12/11 12:59 a.m.•52 views

CVE-2014-6326

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability," a different vulnerability than CVE-2014-6325.

4.3CVSS5AI score0.0513EPSS

CVE•added 2015/03/11 10:59 a.m.•51 views

CVE-2015-1632

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Sc...

4.3CVSS5.5AI score0.06643EPSS

CVE•added 2015/03/11 10:59 a.m.•50 views

CVE-2015-1629

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS

CVE•added 2015/09/09 12:59 a.m.•46 views

CVE-2015-2544

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

4.3CVSS5.6AI score0.08117EPSS

CVE•added 2010/05/27 7:30 p.m.•45 views

CVE-2010-2091

Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) a...

4.3CVSS5.7AI score0.04459EPSS

CVE•added 2003/11/17 5:0 a.m.•44 views

CVE-2003-0712

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

4.3CVSS6.1AI score0.18968EPSS

CVE•added 2015/03/11 10:59 a.m.•44 views

CVE-2015-1630

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."

4.3CVSS5.4AI score0.06935EPSS

CVE•added 2001/09/12 4:0 a.m.•42 views

CVE-1999-1322

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

4.6CVSS7.4AI score0.00812EPSS

CVE•added 2014/12/11 12:59 a.m.•42 views

CVE-2014-6325

4.3CVSS5AI score0.0513EPSS

CVE•added 2004/11/23 5:0 a.m.•41 views

CVE-2004-0203

Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

4.3CVSS5.7AI score0.25669EPSS