Medium severity6.1NVD Advisory· Published Jul 11, 2017· Updated Jun 17, 2026
CVE-2017-8560
CVE-2017-8560
Description
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
Affected products
4cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*
- Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.v5Range: Microsoft Exchange
Patches
Vulnerability mechanics
References
3- portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560nvdPatchVendor Advisory
- www.securityfocus.com/bid/99449nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1038852nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.