CVE-2017-11761 — Sensitive Information Exposure in Corporation Microsoft Exchange Server

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

8.0%

top 7.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Exchange Server Microsoft Exchange Server

Timeline

PublishedSep 13

Latest updateMay 17

Description

Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2013, 2016+1

▶CVEListV5microsoft_corporation/microsoft_exchange_serverMicrosoft Exchange Server 2013 and Microsoft Exchange Server 2016

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-pf3p-qjm3-w7j2: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially res↗2022-05-17

▶

CVEList

CVE-2017-11761: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially res↗2017-09-13

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Information Disclosure Vulnerability↗2017-09-12

▶