Medium severity6.1NVD Advisory· Published Jul 11, 2017· Updated May 13, 2026

CVE-2017-8560

Description

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.

Affected products

Microsoft/Exchange Server3 versions
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*
Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.v5
Range: Microsoft Exchange

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560nvdPatchVendor Advisory
www.securityfocus.com/bid/99449nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038852nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000