vulnerability

Microsoft Exchange: CVE-2017-8560: Microsoft Exchange Server Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jul 11, 2017	Aug 10, 2023	Oct 14, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jul 11, 2017

Added

Aug 10, 2023

Modified

Oct 14, 2025

Description

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.

Solution

microsoft-exchange-exchange_server_2016_CU5-kb4018588

References

BID-99449
CVE-2017-8560
https://attackerkb.com/topics/CVE-2017-8560
CWE-79
https://support.microsoft.com/help/4018588

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report