CVE-2020-0903

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 4unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 15unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2019 Cumulative Update 3unspecifiedaffected
MicrosoftMicrosoft Exchange Server 2016 Cumulative Update 14unspecifiedaffected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References