Medium severity6.1NVD Advisory· Published Jul 11, 2017· Updated Jun 17, 2026
CVE-2017-8559
CVE-2017-8559
Description
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.
Affected products
4cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*
- Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.v5Range: Microsoft Exchange
Patches
Vulnerability mechanics
References
3- portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8559nvdPatchVendor Advisory
- www.securityfocus.com/bid/99448nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038852nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.