Medium severity 6.5 · NVD Advisory · Published Mar 14, 2018 · Updated Jun 17, 2026
CVE-2018-0940
Description
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".
Affected products
- Range: 2010 SP3 UR20, 2013 CU18, 2013 CU19, 2013 SP1, 2016 CU7, 2016 CU8
- Microsoft Corporation / Microsoft Exchange Outlook Web Access (OWA) (v5). Range: Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940 (nvd: Patch, Vendor Advisory)
- www.securityfocus.com/bid/103323 (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1040521 (nvd: Third Party Advisory, VDB Entry)