Exchange Cross-Site request forgery vulnerability in Microsoft Exchange ServerID: oval:org.secpod.oval:def:24832 | Date: (C)2015-06-10 (M)2024-03-26 |
Class: VULNERABILITY | Family: windows |
The host is installed with Exchange Server 2013, CU8 or SP1 and is prone to an Exchange Cross-Site request forgery vulnerability. A flaw is present in the application, which fails to properly manage user sessions. Successful exploitation could allow attackers to read content that the attacker is not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim.
Platform: |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Product: |
Microsoft Exchange Server 2013 |