VYPR
Medium severity6.5NVD Advisory· Published Mar 14, 2018· Updated Jun 17, 2026

CVE-2018-0940

CVE-2018-0940

Description

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".

Affected products

2
  • Range: 2010 SP3 UR20, 2013 CU18, 2013 CU19, 2013 SP1, 2016 CU7, 2016 CU8
  • Microsoft Corporation/Microsoft Exchange Outlook Web Access (OWA)v5
    Range: Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.