CVE-2018-0924

Опубликовано: 14 мар. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.

Ссылки

http://www.securityfocus.com/bid/103320
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040521
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0924
Patch
Vendor Advisory
http://www.securityfocus.com/bid/103320
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040521
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0924
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup20:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_18:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_19:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*

cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.2123

Средний

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

CVE-2018-0924

msrc

больше 7 лет назад

Microsoft Exchange Information Disclosure Vulnerability

GHSA-82pv-x3j7-8x3m