What is the severity of CVE-2018-16793?

CVE-2018-16793 is considered a critical Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Exchange Server 2010 SP3 and previous versions.

How do I fix CVE-2018-16793?

To mitigate CVE-2018-16793, it is recommended to apply the latest security updates or patches provided by Microsoft for Exchange Server.

What versions of Microsoft Exchange are affected by CVE-2018-16793?

CVE-2018-16793 affects Microsoft Exchange Server 2010 SP3 and its Rollups from Rollup 1 to Rollup 18.

What kind of attack can be executed using CVE-2018-16793?

CVE-2018-16793 allows an attacker to perform a Server-Side Request Forgery attack, potentially accessing internal resources.

What component of Microsoft Exchange is impacted by CVE-2018-16793?

CVE-2018-16793 impacts the OWA (Outlook Web Access) login page, specifically through the username parameter.

Vulnerability/
CVE-2018-16793

high

8.6

CWE

918

21/9/2018

5/8/2024

CVE-2018-16793: SSRF

First published: Fri Sep 21 2018(Updated: )

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2010-sp3_rollup1
Microsoft Exchange Server	=2010-sp3_rollup10
Microsoft Exchange Server	=2010-sp3_rollup11
Microsoft Exchange Server	=2010-sp3_rollup12
Microsoft Exchange Server	=2010-sp3_rollup13
Microsoft Exchange Server	=2010-sp3_rollup14
Microsoft Exchange Server	=2010-sp3_rollup15
Microsoft Exchange Server	=2010-sp3_rollup16
Microsoft Exchange Server	=2010-sp3_rollup17
Microsoft Exchange Server	=2010-sp3_rollup18
Microsoft Exchange Server	=2010-sp3_rollup2
Microsoft Exchange Server	=2010-sp3_rollup3
Microsoft Exchange Server	=2010-sp3_rollup4
Microsoft Exchange Server	=2010-sp3_rollup5
Microsoft Exchange Server	=2010-sp3_rollup6
Microsoft Exchange Server	=2010-sp3_rollup7
Microsoft Exchange Server	=2010-sp3_rollup8
Microsoft Exchange Server	=2010-sp3_rollup9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-16793?
CVE-2018-16793 is considered a critical Server-Side Request Forgery (SSRF) vulnerability affecting Microsoft Exchange Server 2010 SP3 and previous versions.
How do I fix CVE-2018-16793?
To mitigate CVE-2018-16793, it is recommended to apply the latest security updates or patches provided by Microsoft for Exchange Server.
What versions of Microsoft Exchange are affected by CVE-2018-16793?
CVE-2018-16793 affects Microsoft Exchange Server 2010 SP3 and its Rollups from Rollup 1 to Rollup 18.
What kind of attack can be executed using CVE-2018-16793?
CVE-2018-16793 allows an attacker to perform a Server-Side Request Forgery attack, potentially accessing internal resources.
What component of Microsoft Exchange is impacted by CVE-2018-16793?
CVE-2018-16793 impacts the OWA (Outlook Web Access) login page, specifically through the username parameter.

agent/references
agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/tags
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2010-sp3_rollup1
version/microsoft exchange server/2010-sp3_rollup10
version/microsoft exchange server/2010-sp3_rollup11
version/microsoft exchange server/2010-sp3_rollup12
version/microsoft exchange server/2010-sp3_rollup13
version/microsoft exchange server/2010-sp3_rollup14
version/microsoft exchange server/2010-sp3_rollup15
version/microsoft exchange server/2010-sp3_rollup16
version/microsoft exchange server/2010-sp3_rollup17
version/microsoft exchange server/2010-sp3_rollup18
version/microsoft exchange server/2010-sp3_rollup2
version/microsoft exchange server/2010-sp3_rollup3
version/microsoft exchange server/2010-sp3_rollup4
version/microsoft exchange server/2010-sp3_rollup5
version/microsoft exchange server/2010-sp3_rollup6
version/microsoft exchange server/2010-sp3_rollup7
version/microsoft exchange server/2010-sp3_rollup8
version/microsoft exchange server/2010-sp3_rollup9