CVE-2018-16793
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
21/09/2018
Last modified:
20/11/2018
Description
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup10:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup11:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup12:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup13:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup14:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup15:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup16:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup17:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup18:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup3:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup4:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup5:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:exchange_server:2010:sp3_rollup6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page