VYPR

Outlook Web Access

by Microsoft

CVEs (17)

  • CVE-2017-0110MedMar 17, 2017
    risk 0.40cvss 6.1epss 0.07

    Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."

  • CVE-2016-0028MedJun 16, 2016
    risk 0.38cvss 5.5epss 0.23

    Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML…

  • CVE-2018-8448MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2008-1547Oct 21, 2008
    risk 0.07cvss epss 0.46

    Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.

  • CVE-2005-0420Apr 27, 2005
    risk 0.05cvss epss 0.26

    Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.

  • CVE-2010-3213Sep 7, 2010
    risk 0.04cvss epss 0.09

    Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.

  • CVE-2010-2091May 27, 2010
    risk 0.04cvss epss 0.18

    Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct…

  • CVE-2007-0220May 8, 2007
    risk 0.03cvss epss 0.33

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail…

  • CVE-2008-2247Jul 8, 2008
    risk 0.02cvss epss 0.25

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

  • CVE-2008-2248Jul 8, 2008
    risk 0.02cvss epss 0.25

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

  • CVE-2004-0203Nov 23, 2004
    risk 0.02cvss epss 0.21

    Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.

  • CVE-2015-2543Sep 9, 2015
    risk 0.01cvss epss 0.09

    Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."

  • CVE-2005-0563Jun 14, 2005
    risk 0.01cvss epss 0.14

    Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc ript:") in an IMG tag.

  • CVE-2005-1052May 2, 2005
    risk 0.01cvss epss 0.09

    Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.

  • CVE-2019-0817Apr 9, 2019
    risk 0.00cvss epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

  • CVE-2008-2143May 12, 2008
    risk 0.00cvss epss 0.02

    Unspecified versions of Microsoft Outlook Web Access (OWA) use the Cache-Control: no-cache HTTP directive instead of no-store, which might cause web browsers that follow RFC-2616 to cache sensitive information.

  • CVE-2002-0507Aug 12, 2002
    risk 0.00cvss epss 0.02

    An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually…