CVE-2017-11932 — Improper Input Validation in Corporation Microsoft Exchange Server

CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.1HIGHNVD

EPSS

14.8%

top 5.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Microsoft Exchange Server Microsoft Exchange Server

Timeline

PublishedDec 12

Latest updateMay 14

Description

Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2016

▶CVEListV5microsoft_corporation/microsoft_exchange_serverMicrosoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fg2h-gf84-hw5h: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) valid↗2022-05-14

▶

CVEList

CVE-2017-11932: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) valid↗2017-12-12

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Spoofing Vulnerability↗2017-12-12

▶