CVE-2018-8374

4 documents4 sources

Severity

4.3MEDIUM

EPSS

3.1%

top 13.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server Microsoft Exchange Server

Timeline

PublishedAug 15

Latest updateMay 13

Description

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2016

▶CVEListV5microsoft/microsoft_exchange_server2016 Cumulative Update 10, 2016 Cumulative Update 9+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g5px-7wp3-wmcp: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulner↗2022-05-13

▶

CVEList

CVE-2018-8374: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulner↗2018-08-15

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Tampering Vulnerability↗2018-08-14

▶