vulnerability

Microsoft Exchange: CVE-2016-3378: Microsoft Exchange Open Redirect Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Sep 14, 2016	Aug 10, 2023	Oct 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Sep 14, 2016

Added

Aug 10, 2023

Modified

Oct 14, 2025

Description

Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."

Solutions

microsoft-exchange-exchange_server_2016_CU1-kb3184736microsoft-exchange-exchange_server_2016_CU2-kb3184736

References

BID-92833
CVE-2016-3378
https://attackerkb.com/topics/CVE-2016-3378
CWE-20
DISA_SEVERITY-Category I
IAVM-2016-A-0247
MS-MS16-108
URL-https://support.microsoft.com/help/3184736

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today