Vulnerabilities > Microsoft > Exchange Server

DATE CVE VULNERABILITY TITLE RISK
2016-09-14 CVE-2016-0138 Information Exposure vulnerability in Microsoft Exchange Server
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
4.3
4.3
2016-01-13 CVE-2016-0032 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0031 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029.
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0030 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1
2016-01-13 CVE-2016-0029 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031.
network
low complexity
microsoft CWE-79
6.1
6.1