CVE-2017-8621
MEDIUMMicrosoft Exchange Server 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5 - Open Redirect
Title source: llmDescription
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1038852
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/99533
Scores
CVSS v3
6.1
EPSS
0.0106
EPSS Percentile
77.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (4)
microsoft/exchange_server
2010 sp3
microsoft/exchange_server
2013 cumulative_update_16 (2 CPE variants)
microsoft/exchange_server
2016 cumulative_update_5
Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.
Microsoft Exchange
Published
Jul 11, 2017
Tracked Since
Feb 18, 2026