{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T15:47:03.335","vulnerabilities":[{"cve":{"id":"CVE-2018-8448","sourceIdentifier":"secure@microsoft.com","published":"2018-10-10T13:29:02.463","lastModified":"2024-11-21T04:13:51.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."},{"lang":"es","value":"Existe una vulnerabilidad de elevaciĆ³n de privilegios cuando Microsoft Exchange Outlook Web Access (OWA) fracasa a la hora de gestionar correctamente peticiones web. Esto tambiĆ©n se conoce como \"Microsoft Exchange Server Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Exchange Server."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*","matchCriteriaId":"B560F8FD-068E-4A16-A37F-A62DCE88FCF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*","matchCriteriaId":"63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/105492","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041836","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/105492","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1041836","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8448","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}