Vulnerabilities > Microsoft > Exchange Server > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-11 CVE-2017-8621 Open Redirect vulnerability in Microsoft Exchange Server 2010/2013/2016
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
network
microsoft CWE-601
5.8
5.8
2017-07-11 CVE-2017-8560 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability".
network
microsoft CWE-79
4.3
4.3
2017-07-11 CVE-2017-8559 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability".
network
microsoft CWE-79
4.3
4.3
2017-05-26 CVE-2017-8542 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.
network
microsoft CWE-119
4.3
4.3
2017-05-26 CVE-2017-8539 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.
network
microsoft CWE-119
4.3
4.3
2017-05-26 CVE-2017-8537 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.
network
microsoft CWE-119
4.3
4.3
2017-05-26 CVE-2017-8536 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.
network
microsoft CWE-119
4.3
4.3
2017-05-26 CVE-2017-8535 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service.
network
microsoft CWE-119
4.3
4.3
2017-03-17 CVE-2017-0110 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."
network
microsoft CWE-79
4.3
4.3
2016-09-14 CVE-2016-3379 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
network
microsoft CWE-79
4.3
4.3