CVE-2017-8560

{"id": "CVE-2017-8560", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-07-11T21:29:00.920", "references": [{"url": "http://www.securityfocus.com/bid/99449", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.securitytracker.com/id/1038852", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8560", "tags": ["Vendor Advisory", "Patch"], "source": "secure@microsoft.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka \"Microsoft Exchange Cross-Site Scripting Vulnerability\". This CVE ID is unique from CVE-2017-8559."}, {"lang": "es", "value": "Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16 y Exchange Server 2016 CU5 permiten una vulnerabilidad de elevaci\u00f3n de privilegios debido a la forma en la que Exchange Outlook Web Access (OWA) gestiona las peticiones web. Esto tambi\u00e9n se conoce como \"Microsoft Exchange Cross-Site Scripting Vulnerability\". El ID de este CVE es diferente de CVE-2017-8559."}], "lastModified": "2017-07-14T13:21:49.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD8BCE7D-51F0-41A2-A110-71044844C651"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF"}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}