CVE-2018-8448: XSS
First published: Wed Oct 10 2018(Updated: )
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Exchange Server | =2013-cumulative_update_21 | |
| Microsoft Exchange Server | =2016-cumulative_update_10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-8448?
CVE-2018-8448 is rated as a critical elevation of privilege vulnerability.
How do I fix CVE-2018-8448?
To fix CVE-2018-8448, you should apply the latest updates provided by Microsoft for Exchange Server.
Which versions of Microsoft Exchange Server are affected by CVE-2018-8448?
CVE-2018-8448 affects Microsoft Exchange Server 2013 Cumulative Update 21 and Exchange Server 2016 Cumulative Update 10.
What impact does CVE-2018-8448 have on users?
CVE-2018-8448 allows attackers to gain elevated privileges, which could lead to unauthorized access to sensitive data.
Is there a workaround for CVE-2018-8448?
Currently, the most effective mitigation against CVE-2018-8448 is to apply the security updates from Microsoft without any known workarounds.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/microsoft
- canonical/microsoft exchange server
- version/microsoft exchange server/2013-cumulative_update_21
- version/microsoft exchange server/2016-cumulative_update_10