Test ID:	1.3.6.1.4.1.25623.1.0.805198
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Exchange Server Privilege Escalation Vulnerability (3062157)
Summary:	This host is missing an important security; update according to Microsoft Bulletin MS15-064.
Description:	Summary: This host is missing an important security update according to Microsoft Bulletin MS15-064. Vulnerability Insight: Flaw is due to Microsoft Exchange web applications when Exchange does not properly manage same-origin policy. Vulnerability Impact: Successful exploitation will allow remote attackers to scan and attack systems behind a firewall that are normally inaccessible from the outside world, enumerate and attack services that are running on these host systems and exploit host-based authentication services. Affected Software/OS: Microsoft Exchange Server 2013 SP1 and Microsoft Exchange Server 2013 Cumulative Update 8. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1764 BugTraq ID: 75007 http://www.securityfocus.com/bid/75007 Microsoft Security Bulletin: MS15-064 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-064 http://www.securitytracker.com/id/1032528 Common Vulnerability Exposure (CVE) ID: CVE-2015-1771 BugTraq ID: 75011 http://www.securityfocus.com/bid/75011 Common Vulnerability Exposure (CVE) ID: CVE-2015-2359 BugTraq ID: 75013 http://www.securityfocus.com/bid/75013
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.