vulnerability
Microsoft CVE-2018-8448: Microsoft Exchange Server Elevation of Privilege Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:M/Au:N/C:P/I:P/A:N) | Oct 9, 2018 | Oct 9, 2018 | Nov 28, 2018 |
Description
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks and attempt to trick the user into disclosing sensitive information.
To exploit the vulnerability, an attacker could send a specially crafted email message containing a malicious link to a user. Alternatively, an attacker could use a chat client to social engineer a user into clicking the malicious link.
The security update addresses the vulnerability by correcting how Microsoft Exchange validates web requests.
Note: In order to exploit this vulnerability, a user must click a maliciously crafted link from an attacker.
Solution
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.