High severity7.4NVD Advisory· Published Sep 14, 2016· Updated Jun 17, 2026
CVE-2016-3378
CVE-2016-3378
Description
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "Microsoft Exchange Open Redirect Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.