vulnerability

Microsoft CVE-2018-8159: Microsoft Exchange Elevation of Privilege Vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	May 8, 2018	May 8, 2018	Sep 17, 2019

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

May 8, 2018

Added

May 8, 2018

Modified

Sep 17, 2019

Description

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
To exploit the vulnerability, an attacker could send a specially crafted email message containing a specific malicious script. The user would have to apply a highlight to the script for it to be activated.
The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.

Solutions

msft-kb4092041-a6c2e348-e8ab-4935-adf5-17027a98891cmsft-kb4092041-c1fd6052-a54c-4c2a-a454-3e2c9d2cf738

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today