SSRF Vulnerability in Microsoft Exchange Server 2010 SP3 and Previous Versions via OWA Login Page

SSRF Vulnerability in Microsoft Exchange Server 2010 SP3 and Previous Versions via OWA Login Page

CVE-2018-16793 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.

Learn more about our Cis Benchmark Audit For Microsoft Exchange Server.