cvelistv5 - cve-2018-8153

CVE-2018-8153 (GCVE-0-2018-8153)

Vulnerability from cvelistv5 – Published: 2018-05-09 19:00 – Updated: 2024-08-05 06:46

Summary

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

Severity ?

No CVSS data available.

CWE

Spoofing

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/104045	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1040850	vdb-entryx_refsource_SECTRACK
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Microsoft	Microsoft Exchange Server	Affected: 2016 Cumulative Update 8 Affected: 2016 Cumulative Update 9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104045",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104045"
          },
          {
            "name": "1040850",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040850"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Exchange Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016 Cumulative Update 8"
            },
            {
              "status": "affected",
              "version": "2016 Cumulative Update 9"
            }
          ]
        }
      ],
      "datePublic": "2018-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-10T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "104045",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104045"
        },
        {
          "name": "1040850",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040850"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Exchange Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016 Cumulative Update 8"
                          },
                          {
                            "version_value": "2016 Cumulative Update 9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104045",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104045"
            },
            {
              "name": "1040850",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040850"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8153",
    "datePublished": "2018-05-09T19:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*\", \"matchCriteriaId\": \"075E907F-AF2F-4C31-86C7-51972BE412A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*\", \"matchCriteriaId\": \"69AF19DC-3D65-49A8-A85F-511085CDF27B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \\\"Microsoft Exchange Spoofing Vulnerability.\\\" This affects Microsoft Exchange Server.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de suplantaci\\u00f3n en Microsoft Exchange Server cuando Outlook Web Access (OWA) no gestiona correctamente las peticiones web. Esto tambi\\u00e9n se conoce como \\\"Microsoft Exchange Spoofing Vulnerability\\\".  Esto afecta a Microsoft Exchange Server.\"}]",
      "id": "CVE-2018-8153",
      "lastModified": "2024-11-21T04:13:21.603",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:N\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-05-09T19:29:02.277",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/104045\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040850\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1040850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-8153\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2018-05-09T19:29:02.277\",\"lastModified\":\"2024-11-21T04:13:21.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \\\"Microsoft Exchange Spoofing Vulnerability.\\\" This affects Microsoft Exchange Server.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de suplantaci\u00f3n en Microsoft Exchange Server cuando Outlook Web Access (OWA) no gestiona correctamente las peticiones web. Esto tambi\u00e9n se conoce como \\\"Microsoft Exchange Spoofing Vulnerability\\\".  Esto afecta a Microsoft Exchange Server.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"075E907F-AF2F-4C31-86C7-51972BE412A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"69AF19DC-3D65-49A8-A85F-511085CDF27B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/104045\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040850\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-10742

Vulnerability from cnvd - Published: 2018-05-31

Title

Microsoft Exchange Server欺骗漏洞

Description

Microsoft Exchange Server是美国微软（Microsoft）公司的一套电子邮件服务程序，它提供邮件存取、储存、转发，语音邮件，邮件过滤筛选等功能。 Microsoft Exchange Server 2016 Cumulative Update 8和9中存在欺骗漏洞，该漏洞源于Outlook Web Access未能正确的处理Web请求。攻击者可通过向用户发送带有恶意链接的特制邮件消息或借助聊天客户端以社交方式诱使用户单击恶意链接利用该漏洞实施脚本或内容注入攻击，并诱使用户泄露敏感信息。

Severity

中

Patch Name

Microsoft Exchange Server欺骗漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153

Impacted products

Name
Microsoft Exchange Server 2016

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104045"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-8153"
    }
  },
  "description": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\r\n\r\nMicrosoft Exchange Server 2016 Cumulative Update 8\u548c9\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOutlook Web Access\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u5e26\u6709\u6076\u610f\u94fe\u63a5\u7684\u7279\u5236\u90ae\u4ef6\u6d88\u606f\u6216\u501f\u52a9\u804a\u5929\u5ba2\u6237\u7aef\u4ee5\u793e\u4ea4\u65b9\u5f0f\u8bf1\u4f7f\u7528\u6237\u5355\u51fb\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u811a\u672c\u6216\u5185\u5bb9\u6ce8\u5165\u653b\u51fb\uff0c\u5e76\u8bf1\u4f7f\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "Max Smith",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-10742",
  "openTime": "2018-05-31",
  "patchDescription": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\uff0c\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\r\n\r\nMicrosoft Exchange Server 2016 Cumulative Update 8\u548c9\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eOutlook Web Access\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406Web\u8bf7\u6c42\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u7528\u6237\u53d1\u9001\u5e26\u6709\u6076\u610f\u94fe\u63a5\u7684\u7279\u5236\u90ae\u4ef6\u6d88\u606f\u6216\u501f\u52a9\u804a\u5929\u5ba2\u6237\u7aef\u4ee5\u793e\u4ea4\u65b9\u5f0f\u8bf1\u4f7f\u7528\u6237\u5355\u51fb\u6076\u610f\u94fe\u63a5\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u811a\u672c\u6216\u5185\u5bb9\u6ce8\u5165\u653b\u51fb\uff0c\u5e76\u8bf1\u4f7f\u7528\u6237\u6cc4\u9732\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Exchange Server\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Exchange Server 2016"
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153",
  "serverity": "\u4e2d",
  "submitTime": "2018-05-09",
  "title": "Microsoft Exchange Server\u6b3a\u9a97\u6f0f\u6d1e"
}

GHSA-W3VW-MGPX-6MJP

Vulnerability from github – Published: 2022-05-13 01:20 – Updated: 2022-05-13 01:20

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-8153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-290"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-09T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server.",
  "id": "GHSA-w3vw-mgpx-6mjp",
  "modified": "2022-05-13T01:20:41Z",
  "published": "2022-05-13T01:20:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8153"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104045"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040850"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-8153

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-8153

Aliases

CVE-2018-8153

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-8153",
    "description": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server.",
    "id": "GSD-2018-8153"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-8153"
      ],
      "details": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server.",
      "id": "GSD-2018-8153",
      "modified": "2023-12-13T01:22:34.348694Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2018-8153",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Exchange Server",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "2016 Cumulative Update 8"
                        },
                        {
                          "version_value": "2016 Cumulative Update 9"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Spoofing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104045",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104045"
          },
          {
            "name": "1040850",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040850"
          },
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8153"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-290"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
            },
            {
              "name": "1040850",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040850"
            },
            {
              "name": "104045",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104045"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2018-05-09T19:29Z"
    }
  }
}

CERTFR-2018-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une divulgation d'informations, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 64 bits)
Microsoft	N/A	ChakraCore
Microsoft	Azure	C# SDK pour Azure IoT
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft	Azure	Java SDK pour Azure IoT
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 32 bits)
Microsoft	Azure	C SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C# SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0946"
    },
    {
      "name": "CVE-2018-8153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8153"
    },
    {
      "name": "CVE-2018-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0954"
    },
    {
      "name": "CVE-2018-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8151"
    },
    {
      "name": "CVE-2018-8178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8178"
    },
    {
      "name": "CVE-2018-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0945"
    },
    {
      "name": "CVE-2018-8137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8137"
    },
    {
      "name": "CVE-2018-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0953"
    },
    {
      "name": "CVE-2018-8173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8173"
    },
    {
      "name": "CVE-2018-8128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8128"
    },
    {
      "name": "CVE-2018-8133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8133"
    },
    {
      "name": "CVE-2018-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8177"
    },
    {
      "name": "CVE-2018-8119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8119"
    },
    {
      "name": "CVE-2018-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8159"
    },
    {
      "name": "CVE-2018-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8130"
    },
    {
      "name": "CVE-2018-8152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8152"
    },
    {
      "name": "CVE-2018-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8139"
    },
    {
      "name": "CVE-2018-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0943"
    },
    {
      "name": "CVE-2018-8145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8145"
    },
    {
      "name": "CVE-2018-8154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8154"
    },
    {
      "name": "CVE-2018-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-223",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mai 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2018-AVI-223

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 64 bits)
Microsoft	N/A	ChakraCore
Microsoft	Azure	C# SDK pour Azure IoT
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 20
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 19
Microsoft	N/A	Microsoft Exchange Server 2013 Service Pack 1
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 9
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 8
Microsoft	Azure	Java SDK pour Azure IoT
Microsoft	N/A	Microsoft Infopath 2013 Service Pack 1 (édition 32 bits)
Microsoft	Azure	C SDK pour Azure IoT

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 mai 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C# SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Infopath 2013 Service Pack 1 (\u00e9dition 32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0946"
    },
    {
      "name": "CVE-2018-8153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8153"
    },
    {
      "name": "CVE-2018-0954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0954"
    },
    {
      "name": "CVE-2018-8151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8151"
    },
    {
      "name": "CVE-2018-8178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8178"
    },
    {
      "name": "CVE-2018-0945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0945"
    },
    {
      "name": "CVE-2018-8137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8137"
    },
    {
      "name": "CVE-2018-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0953"
    },
    {
      "name": "CVE-2018-8173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8173"
    },
    {
      "name": "CVE-2018-8128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8128"
    },
    {
      "name": "CVE-2018-8133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8133"
    },
    {
      "name": "CVE-2018-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8177"
    },
    {
      "name": "CVE-2018-8119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8119"
    },
    {
      "name": "CVE-2018-8159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8159"
    },
    {
      "name": "CVE-2018-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8130"
    },
    {
      "name": "CVE-2018-8152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8152"
    },
    {
      "name": "CVE-2018-8139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8139"
    },
    {
      "name": "CVE-2018-0943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0943"
    },
    {
      "name": "CVE-2018-8145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8145"
    },
    {
      "name": "CVE-2018-8154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8154"
    },
    {
      "name": "CVE-2018-1022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1022"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-223",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations"
    },
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une divulgation d\u0027informations, une \u00e9l\u00e9vation de\nprivil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une usurpation\nd\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mai 2018",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

FKIE_CVE-2018-8153

Vulnerability from fkie_nvd - Published: 2018-05-09 19:29 - Updated: 2024-11-21 04:13

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/104045	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.securitytracker.com/id/1040850	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104045	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1040850	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	exchange_server	2016
	microsoft	exchange_server	2016

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
              "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
              "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Spoofing Vulnerability.\" This affects Microsoft Exchange Server."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de suplantaci\u00f3n en Microsoft Exchange Server cuando Outlook Web Access (OWA) no gestiona correctamente las peticiones web. Esto tambi\u00e9n se conoce como \"Microsoft Exchange Spoofing Vulnerability\".  Esto afecta a Microsoft Exchange Server."
    }
  ],
  "id": "CVE-2018-8153",
  "lastModified": "2024-11-21T04:13:21.603",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-09T19:29:02.277",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104045"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040850"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8153"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-8153 (GCVE-0-2018-8153)

CNVD-2018-10742

GHSA-W3VW-MGPX-6MJP

GSD-2018-8153

CERTFR-2018-AVI-223

Solution

CERTFR-2018-AVI-223

Solution

FKIE_CVE-2018-8153

Tags

Sightings

Nomenclature