Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
383
VMScore

CVE-2018-0940

Published: 14/03/2018 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

microsoft exchange server 2010

microsoft exchange server 2016

microsoft exchange server 2013

Recent Articles

It's March 2018, and your Windows PC can be pwned by a web article (well, none of OURS)
The Register • Shaun Nichols in San Francisco • 13 Mar 2018

Plus plenty of other Microsoft and Adobe bugs to fix

Patch Tuesday Microsoft delivered another hefty bundle of patches with its scheduled monthly update.
The March edition of Patch Tuesday lands just hours before researchers are expected to flaunt their latest and greatest exploits at the CanSecWest Pwn2Own hacking competition in Vancouver.
Hopefully nobody was planning to use any of the 75 CVE-listed vulnerabilities Microsoft addressed today, including several for the Edge and Internet Explorer browsers that would allow remote code ex...

Read more...
Microsoft March Patch Tuesday Fixes 74 Security Issues
BleepingComputer • Catalin Cimpanu • 13 Mar 2018

Microsoft has released its monthly security updates, and this month the company patched 74 vulnerabilities affecting products such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps.
There are no patches for zero-days this month, and the company patched two security bugs about which exploitation details had become public (CVE-2018-0808 and CVE-...

Read more...
It's March 2018, and your Windows PC can be pwned by a web article (well, none of OURS)
The Register • Shaun Nichols in San Francisco • 13 Mar 2018

Plus plenty of other Microsoft and Adobe bugs to fix

Patch Tuesday Microsoft delivered another hefty bundle of patches with its scheduled monthly update.
The March edition of Patch Tuesday lands just hours before researchers are expected to flaunt their latest and greatest exploits at the CanSecWest Pwn2Own hacking competition in Vancouver.
Hopefully nobody was planning to use any of the 75 CVE-listed vulnerabilities Microsoft addressed today, including several for the Edge and Internet Explorer browsers that would allow remote code ex...

Read more...

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0940http://www.securitytracker.com/id/1040521http://www.securityfocus.com/bid/103323https://www.securityfocus.com/bid/103323https://nvd.nist.govhttps://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/103323
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2023-21068CVE-2023-21077unspecifiedCVE-2023-21070CVE-2023-21016file upload
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook