Vulnerabilities > Microsoft > Exchange Server > Low

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-03-12 | CVE-2020-0903 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019 | A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | network | | microsoft | CWE-79 | 3.5 |
| 2019-07-15 | CVE-2019-1137 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016/2019 | A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. | network | | microsoft | CWE-79 | 3.5 |
| 2014-12-11 | CVE-2014-6336 | Improper Input Validation vulnerability in Microsoft Exchange Server 2013 | Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability." | network | | microsoft | CWE-20 | 3.5 |
| 2012-12-12 | CVE-2012-4791 | Code Injection vulnerability in Microsoft Exchange Server 2007/2010 | Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." | network | | microsoft | CWE-94 | 3.5 |
| 2012-10-18 | CVE-2012-2284 | Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4 | The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | local | low complexity | emc, microsoft | CWE-255 | 2.1 |
| 2006-06-13 | CVE-2006-1193 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | network | high complexity | microsoft | CWE-79 | 2.6 |
| 2002-12-31 | CVE-2002-1876 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 | Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | local | low complexity | microsoft | CWE-400 | 2.1 |
| 2002-08-12 | CVE-2002-0507 | Improper Authentication vulnerability in multiple products | An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | local | low complexity | microsoft, rsa | CWE-287 | 2.1 |
| 2001-10-30 | CVE-2001-0666 | Resource Exhaustion vulnerability in Microsoft Exchange Server 2000 | Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. | local | low complexity | microsoft | CWE-400 | 2.1 |