CVE-2001-0340Unrestricted File Upload in Microsoft Exchange Server

CWE-434Unrestricted File Upload3 documents3 sources
Severity
7.5HIGHNVD
EPSS
7.7%
top 8.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Exchange Server
Timeline
PublishedJul 21
Latest updateApr 30

Description

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/exchange_server2000, 5.5+1

Patches

Patch: docs.microsoft.comPatch: docs.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-mcfj-5726-cfww: An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malici2022-04-30
CVEList
CVE-2001-0340: An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malici2001-09-18
CVE-2001-0340 — Unrestricted File Upload in Microsoft | cvebase