CVE-2018-8604

5 documents5 sources

Severity

4.3MEDIUM

EPSS

4.9%

top 10.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server Microsoft Exchange Server

Timeline

PublishedDec 12

Latest updateMay 13

Description

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmicrosoft/exchange_server2016

▶CVEListV5microsoft/microsoft_exchange_server2016 Cumulative Update 10, 2016 Cumulative Update 11+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pq7-48cp-48f8: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulner↗2022-05-13

▶

CVEList

CVE-2018-8604: A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulner↗2018-12-12

▶

💥Exploits & PoCs

Exploit-DB

Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery (Admin Bypass)↗2018-07-26

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Tampering Vulnerability↗2018-12-11

▶