This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2015-03-11
Product Exchange Server Last view 2019-07-15
Version 2013 Type Application
Update cumulative_update_7  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:exchange_server

Activity : Overall

Related : CVE

  Date Alert Description
5.4 2019-07-15 CVE-2019-1137

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

4.3 2015-03-11 CVE-2015-1632

Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error Message Cross Site Scripting Vulnerability."

5 2015-03-11 CVE-2015-1631

Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability."

4.3 2015-03-11 CVE-2015-1630

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."

4.3 2015-03-11 CVE-2015-1629

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "ExchangeDLP Cross Site Scripting Vulnerability."

4.3 2015-03-11 CVE-2015-1628

Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka "OWA Modified Canary Parameter Cross Site Scripting Vulnerability."

CWE : Common Weakness Enumeration

%idName
83% (5) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-284 Access Control (Authorization) Issues

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0049 Multiple Vulnerabilities in Microsoft Exchange Server (MS15-026)
Severity: Category II - VMSKEY: V0058991

Snort® IPS/IDS

Date Description
2015-04-14 Microsoft Exchange UM Management user stored XSS attempt
RuleID : 33811 - Type : SERVER-MAIL - Revision : 3
2015-04-14 Microsoft Exchange Server custom DLP policy name cross-site scripting attempt
RuleID : 33810 - Type : SERVER-OTHER - Revision : 3
2015-04-14 Microsoft Exchange OWA X-OWA-CANARY command injection attempt
RuleID : 33807 - Type : SERVER-MAIL - Revision : 3
2015-04-14 Microsoft Outlook WebAccess msgParam cross site scripting attempt
RuleID : 33762 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

id Description
2015-03-10 Name: The remote Microsoft Exchange server is affected by multiple vulnerabilities.
File: smb_nt_ms15-026.nasl - Type: ACT_GATHER_INFO