CVE-2014-6336

Microsoft Exchange Server 2013 SP1-CU6 - Open Redirect

Title source: llm
STIX 2.1

Description

Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 6 does not properly validate redirection tokens, which allows remote attackers to redirect users to arbitrary web sites and spoof the origin of e-mail messages via unspecified vectors, aka "Exchange URL Redirection Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.0707
EPSS Percentile 93.5%

Details

CWE
CWE-20
Status published
Products (1)
microsoft/exchange_server 2013 cumulative_update_6 (2 CPE variants)
Published Dec 11, 2014
Tracked Since Feb 18, 2026