CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 2CVE-2018-8581 – Microsoft Exchange Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-8581
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. Existe una vulnerabilidad de elevación de privilegios en Microsoft Exchange Server. Esto también se conoce como "Microsoft Exchange Server Elevation of Privilege Vulnerability". Esto afecta a Microsoft Exchange Server. • https://github.com/WyAtu/CVE-2018-8581 https://github.com/qiantu88/CVE-2018-8581 http://www.securityfocus.com/bid/105837 http://www.securitytracker.com/id/1042141 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581 •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8448
https://notcve.org/view.php?id=CVE-2018-8448
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. Existe una vulnerabilidad de elevación de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto también se conoce como "Microsoft Exchange Server Elevation of Privilege Vulnerability". Esto afecta a Microsoft Exchange Server. • http://www.securityfocus.com/bid/105492 http://www.securitytracker.com/id/1041836 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 27%CPEs: 2EXPL: 0CVE-2018-8265
https://notcve.org/view.php?id=CVE-2018-8265
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server. Existe una vulnerabilidad de ejecución remota de código cuando el software de Microsoft Exchange analiza mensajes de email especialmente manipulados. Esto también se conoce como "Microsoft Exchange Remote Code Execution Vulnerability". Esto afecta a Microsoft Exchange Server. • http://www.securityfocus.com/bid/105491 http://www.securitytracker.com/id/1041836 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8265 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 0%CPEs: 18EXPL: 3CVE-2018-16793
https://notcve.org/view.php?id=CVE-2018-16793
Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page. Rollup 18 para Microsoft Exchange Server 2010 SP3 y versiones anteriores tiene una vulnerabilidad Server-Side Request Forgery (SSRF) mediante el parámetro username en /owa/auth/logon.aspx la página de inicio de sesión de OWA (Outlook Web Access). • http://packetstormsecurity.com/files/149411/Rollup-18-For-Microsoft-Exchange-Server-2010-SP3-Server-Side-Request-Forgery.html http://seclists.org/fulldisclosure/2018/Sep/20 http://www.securityfocus.com/bid/105386 https://seclists.org/bugtraq/2018/Sep/38 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-8374
https://notcve.org/view.php?id=CVE-2018-8374
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server. Existe una vulnerabilidad de manipulación cuando Microsoft Exchange Server no gestiona correctamente los datos del perfil. Esto también se conoce como "Microsoft Exchange Server Tampering Vulnerability". Esto afecta a Microsoft Exchange Server. • http://www.securityfocus.com/bid/104993 http://www.securitytracker.com/id/1041481 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8374 •