Description
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability"
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11761
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039320
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100731
Scores
CVSS v3
5.3
EPSS
0.0916
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
microsoft/exchange_server
2013 cumulative_update_16 (3 CPE variants)
microsoft/exchange_server
2016 cumulative_update_5 (2 CPE variants)
Microsoft Corporation/Microsoft Exchange Server
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016
Published
Sep 13, 2017
Tracked Since
Feb 18, 2026