MSRC Microsoft Exchange Server 2013 Service Pack 1 vulnerabilities

13 known vulnerabilities affecting msrc/microsoft_exchange_server_2013_service_pack_1.

Total CVEs: 13
CISA KEV: 2 (actively exploited)
Public exploits: 2
Exploited in wild: 2
Severity breakdown: CRITICAL 1, HIGH 9, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2021-26857 | HIGH | CVSS 7.8 | KEV | PoC | 2021-03-09
CVE-2021-26857 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange
msrc
CVE-2021-27065 | HIGH | CVSS 7.8 | KEV | PoC | 2021-03-09
CVE-2021-27065 [CRITICAL] Microsoft Exchange Server Remote Code Execution Vulnerability
FAQ: Is this vulnerability being used in an active attack? Yes. The vulnerability described in this CVE is one of four vulnerabilities that are being exploited in an active attack. The security updates address this attack. More information can be found here: https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange
msrc
CVE-2018-8154 | CRITICAL | CVSS 9.8 | 2018-05-08
CVE-2018-8154 [CRITICAL] Microsoft Exchange Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. An attacker could then install programs; view, change, or delete data; or create new accounts. Exploitat
msrc
CVE-2018-8151 | HIGH | CVSS 4.3 | 2018-05-08
CVE-2018-8151 [MEDIUM] Microsoft Exchange Memory Corruption Vulnerability
Description: An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the remote system. To exploit the vulnerability, an attacker would send a specially-crafted email to an affected Exchange Server. The security upda
msrc
CVE-2018-0940 | HIGH | CVSS 6.5 | 2018-03-13
CVE-2018-0940 [MEDIUM] Microsoft Exchange Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information. To exploit the vuln
msrc
CVE-2018-0924 | LOW | CVSS 6.5 | 2018-03-13
CVE-2018-0924 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft Exchange Server handles URL redirects. If an impacted user is using Microsoft Exchange Outlook Web Access (OWA) Light, the vulnerability could allow an attacker to discover sensitive information that should otherwise not be disclosed, such as the URL of the user's OWA service.
msrc
CVE-2017-8560 | HIGH | CVSS 6.1 | 2017-07-11
CVE-2017-8560 [MEDIUM] Microsoft Exchange Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability
msrc
CVE-2017-8559 | HIGH | CVSS 6.1 | 2017-07-11
CVE-2017-8559 [MEDIUM] Microsoft Exchange Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability
msrc
CVE-2017-8621 | MEDIUM | CVSS 6.1 | 2017-07-11
CVE-2017-8621 [MEDIUM] Microsoft Exchange Open Redirect Vulnerability
Description: An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is des
msrc
CVE-2017-0110 | HIGH | CVSS 6.1 | 2017-03-14
CVE-2017-0110 [MEDIUM] Microsoft Exchange Server Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information. To exploit the vulnerability
msrc
CVE-2016-0138 | HIGH | CVSS 4.3 | 2016-09-13
CVE-2016-0138 [MEDIUM] Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message
msrc
CVE-2016-3378 | MEDIUM | CVSS 7.4 | 2016-09-13
CVE-2016-3378 [HIGH] Microsoft Exchange Open Redirect Vulnerability
Description: An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is desig
msrc
CVE-2016-0028 | HIGH | CVSS 5.5 | 2016-06-14
CVE-2016-0028 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability
Description: An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA). An attacker could also combine this vulnerability
msrc