Medium severity6.1NVD Advisory· Published Jul 11, 2017· Updated May 13, 2026

CVE-2017-8621

Description

Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".

Affected products

Microsoft/Exchange Server4 versions
cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*
Microsoft Corporation/Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5.v5
Range: Microsoft Exchange

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8621nvdPatchVendor Advisory
www.securityfocus.com/bid/99533nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1038852nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000