vulnerability

Microsoft CVE-2017-8621: Microsoft Exchange Open Redirect Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jul 11, 2017	Jul 11, 2017	May 16, 2018

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jul 11, 2017

Added

Jul 11, 2017

Modified

May 16, 2018

Description

An open redirect vulnerability exists in Microsoft Exchange that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL, and convince the user to click the link. When an authenticated Exchange user clicks the link, the authenticated user's browser session could be redirected to a malicious site that is designed to impersonate a legitimate website. By doing so, the attacker could trick the user and potentially acquire sensitive information, such as the user's credentials. The update addresses the vulnerability by correcting how Exchange handles open redirect requests.

Solutions

msft-kb4018588-866cfcd4-b8e8-4085-82ae-1109f4add018msft-kb4018588-ac09d2dc-c24a-4740-912c-bf4fec7a0ae2msft-kb4018588-c14b59ce-1e14-4e62-a209-81c1cef37099

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today