CVE-2017-8621Open Redirect in Microsoft Exchange Server

CWE-601Open Redirect4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
1.1%
top 22.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Exchange Server
Timeline
PublishedJul 11
Latest updateMay 17

Description

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDmicrosoft/exchange_server2010, 2013, 2016+2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vfc8-gvw2-fjv6: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerab2022-05-17
CVEList
CVE-2017-8621: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerab2017-07-11

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Open Redirect Vulnerability2017-07-11
CVE-2017-8621 — Open Redirect in Microsoft | cvebase