Server-side request forgery (SSRF) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), but no loss of availability (A:N) or integrity (I:N). What does that mean for this vulnerability?
An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality), but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability).

What type of information could be disclosed by this vulnerability?
If successfully exploited, this vulnerability could allow an authenticated user to learn information about internal or external network services that the Exchange server can reach, such as whether a service exists and how it responds. In some cases, error details returned by the server may reveal network addresses, connection status, or limited response data from those services.

According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this case, the Exchange server could be used to interact with other internal systems or services that are outside the normal security boundary of Exchange, potentially exposing information about those separate systems.

<a href="https://smlijun.github.io/">DongJun Kim (smlijun)</a> with UIUC, Hwiwon Lee (hwiwonl) with UIUC, Jongseong Kim (nevul37) with UIUC, Younggi Park (grill66) with UIUC, <a href="https://www.linkedin.com/in/talha--gunay/">TALHA GÜNAY</a>