Msrc Microsoft Exchange Server 2016 Cumulative Update 1 vulnerabilities

4 known vulnerabilities affecting msrc/microsoft_exchange_server_2016_cumulative_update_1.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1

Vulnerabilities

CVE-2016-3379 | HIGH | CVSS 6.1 | 2016-09-13
CVE-2016-3379 [MEDIUM] Microsoft Exchange Elevation of Privilege Vulnerability
Description: An elevation of privilege vulnerability exists in the way that Microsoft Outlook handles meeting invitation requests. To exploit the vulnerability, an attacker could send a specially crafted Outlook meeting invitation request with malicious cross-site scripting (XSS) capability to a user. The update addresses the vulnerability by correcting how Outl
msrc
CVE-2016-0138 | HIGH | CVSS 4.3 | 2016-09-13
CVE-2016-0138 [MEDIUM] Microsoft Outlook Information Disclosure Vulnerability
Description: An information disclosure vulnerability exists in the way that Microsoft Exchange Server parses email messages. The vulnerability could allow an attacker to discover confidential user information that is contained in Microsoft Outlook applications. To exploit the vulnerability, an attacker could use "send as" rights to send a specially crafted message
msrc
CVE-2016-3378 | MEDIUM | CVSS 7.4 | 2016-09-13
CVE-2016-3378 [HIGH] Microsoft Exchange Open Redirect Vulnerability
Description: An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is desig
msrc
CVE-2016-0028 | HIGH | CVSS 5.5 | 2016-06-14
CVE-2016-0028 [MEDIUM] Microsoft Exchange Information Disclosure Vulnerability
Description: An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access (OWA). An attacker could also combine this vulnerability
msrc