Microsoft: >> Exchange Server >> 2010 Security Vulnerabilities
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.
CVSS Score
6.5
EPSS Score
0.037
Published
2019-01-08
CVE-2018-8581
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
Known exploited
CVSS Score
7.4
EPSS Score
0.909
Published
2018-11-14
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
CVSS Score
8.6
EPSS Score
0.003
Published
2018-09-21
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
CVSS Score
9.8
EPSS Score
0.177
Published
2018-08-15
An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.
CVSS Score
4.3
EPSS Score
0.064
Published
2018-05-09
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.
CVSS Score
9.8
EPSS Score
0.18
Published
2018-05-09
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.
CVSS Score
6.5
EPSS Score
0.168
Published
2018-03-14
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".
CVSS Score
6.5
EPSS Score
0.086
Published
2018-03-14
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
CVSS Score
6.1
EPSS Score
0.009
Published
2017-07-11
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
CVSS Score
4.3
EPSS Score
0.161
Published
2016-09-14