CVE-2016-3378 — Improper Input Validation in Microsoft Exchange Server

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.4HIGHNVD

EPSS

3.1%

top 13.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server

Timeline

PublishedSep 14

Latest updateMay 14

Description

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶NVDmicrosoft/exchange_server2013, 2016+1

🔴Vulnerability Details

GHSA

GHSA-55p2-r3rv-vvr9: Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and↗2022-05-14

▶

CVEList

CVE-2016-3378: Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and↗2016-09-14

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Open Redirect Vulnerability↗2016-09-13

▶