CVE-2018-8558

medium

Description

An information disclosure vulnerability exists when Microsoft Outlook fails to respect "Default link type" settings configured via the SharePoint Online Admin Center, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Office 365 ProPlus, Microsoft Office. This CVE ID is unique from CVE-2018-8579.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8558

http://www.securityfocus.com/bid/105826

Details

Source: Mitre, NVD

Published: 2018-11-14

Updated: 2018-12-14

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium