Search

Find a vulnerability

Search criteria

    20 vulnerabilities found for Microsoft Exchange Server 2013 by Microsoft

    CVE-2020-0692 (GCVE-0-2020-0692)

    Vulnerability from nvd – Published: 2020-02-11 21:23 – Updated: 2024-08-04 06:11
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T21:23:00.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0692",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0692",
        "datePublished": "2020-02-11T21:23:00.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:11:04.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0688 (GCVE-0-2020-0688)

    Vulnerability from nvd – Published: 2020-02-11 21:22 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-287 - Improper Authentication
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0688",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:44:23.710392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:51.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0688 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-04T15:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0688",
        "datePublished": "2020-02-11T21:22:59.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:51.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1373 (GCVE-0-2019-1373)

    Vulnerability from nvd – Published: 2019-11-12 18:52 – Updated: 2024-08-04 18:13
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-12T18:52:50.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1373",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1373",
        "datePublished": "2019-11-12T18:52:50.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:13:30.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1137 (GCVE-0-2019-1137)

    Vulnerability from nvd – Published: 2019-07-29 14:14 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:14:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1137",
        "datePublished": "2019-07-29T14:14:05.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1136 (GCVE-0-2019-1136)

    Vulnerability from nvd – Published: 2019-07-29 14:13 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1136",
        "datePublished": "2019-07-29T14:13:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from nvd – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0858 (GCVE-0-2019-0858)

    Vulnerability from nvd – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
    VLAI
    Summary
    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 11"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0817."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:19:48.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 11"
                              },
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0817."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0858",
        "datePublished": "2019-04-09T20:19:48.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:58:59.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0817 (GCVE-0-2019-0817)

    Vulnerability from nvd – Published: 2019-04-09 20:16 – Updated: 2024-08-04 17:58
    VLAI
    Summary
    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 11"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0858."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:16:25.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              },
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 11"
                              },
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0858."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0817",
        "datePublished": "2019-04-09T20:16:25.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:58:59.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0724 (GCVE-0-2019-0724)

    Vulnerability from nvd – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
              },
              {
                "name": "106906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106906"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2010",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3 Update Rollup 26"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0686."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
            },
            {
              "name": "106906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106906"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0724",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2010",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3 Update Rollup 26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0686."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
                },
                {
                  "name": "106906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106906"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0724",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0686 (GCVE-0-2019-0686)

    Vulnerability from nvd – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
              },
              {
                "name": "106937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106937"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2010",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3 Update Rollup 26"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0724."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
            },
            {
              "name": "106937",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106937"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0686",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2010",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3 Update Rollup 26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0724."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
                },
                {
                  "name": "106937",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106937"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0686",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0692 (GCVE-0-2020-0692)

    Vulnerability from cvelistv5 – Published: 2020-02-11 21:23 – Updated: 2024-08-04 06:11
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:04.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-11T21:23:00.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0692",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0692",
        "datePublished": "2020-02-11T21:23:00.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:11:04.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-0688 (GCVE-0-2020-0688)

    Vulnerability from cvelistv5 – Published: 2020-02-11 21:22 – Updated: 2025-10-21 23:35
    VLAI CISA KEVIntel
    Summary
    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    • CWE-287 - Improper Authentication
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:11:05.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-0688",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-04T18:44:23.710392Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-287",
                    "description": "CWE-287 Improper Authentication",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:35:51.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0688"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2020-0688 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 15",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-04T15:06:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2020-0688",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2020-0688",
        "datePublished": "2020-02-11T21:22:59.000Z",
        "dateReserved": "2019-11-04T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:35:51.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1373 (GCVE-0-2019-1373)

    Vulnerability from cvelistv5 – Published: 2019-11-12 18:52 – Updated: 2024-08-04 18:13
    VLAI
    Summary
    A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:13:30.472Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019 Cumulative Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016 Cumulative Update 14",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-12T18:52:50.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1373",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1373",
        "datePublished": "2019-11-12T18:52:50.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:13:30.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1137 (GCVE-0-2019-1137)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:14 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.728Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:14:05.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1137",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1137",
        "datePublished": "2019-07-29T14:14:05.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.728Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1136 (GCVE-0-2019-1136)

    Vulnerability from cvelistv5 – Published: 2019-07-29 14:13 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.731Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-29T14:13:58.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1136",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1136",
        "datePublished": "2019-07-29T14:13:58.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1084 (GCVE-0-2019-1084)

    Vulnerability from cvelistv5 – Published: 2019-07-15 18:56 – Updated: 2024-08-04 18:06
    VLAI
    Summary
    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Exchange Server Affected: 2010 Service Pack 3
    Create a notification for this product.
    Microsoft Microsoft Outlook Affected: 2010 Service Pack 2 (32-bit editions)
    Affected: 2010 Service Pack 2 (64-bit editions)
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Create a notification for this product.
    Microsoft Microsoft Office Affected: 2013 Service Pack 1 (32-bit editions)
    Affected: 2013 Service Pack 1 (64-bit editions)
    Affected: 2013 RT Service Pack 1
    Affected: 2016 for Mac
    Affected: 2016 (32-bit edition)
    Affected: 2016 (64-bit edition)
    Affected: 2019 for 32-bit editions
    Affected: 2019 for 64-bit editions
    Affected: 2019 for Mac
    Create a notification for this product.
    Microsoft Microsoft Lync Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Lync Basic Affected: 2013 Service Pack 1 (32-bit)
    Affected: 2013 Service Pack 1 (64-bit)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: unspecified
    Create a notification for this product.
    Microsoft Skype for Business Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Skype for Business Basic Affected: 2016 (32-bit)
    Affected: 2016 (64-bit)
    Create a notification for this product.
    Microsoft Office 365 ProPlus Affected: 32-bit Systems
    Affected: 64-bit Systems
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2016 Affected: Cumulative Update 12
    Affected: Cumulative Update 13
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2019 Affected: Cumulative Update 1
    Affected: Cumulative Update 2
    Create a notification for this product.
    Microsoft Microsoft Exchange Server 2013 Affected: Cumulative Update 23
    Create a notification for this product.
    Microsoft Mail and Calendar Affected: unspecified
    Create a notification for this product.
    Microsoft Outlook for iOS Affected: unspecified
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:06:31.581Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                }
              ]
            },
            {
              "product": "Microsoft Outlook",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2010 Service Pack 2 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                }
              ]
            },
            {
              "product": "Microsoft Office",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit editions)"
                },
                {
                  "status": "affected",
                  "version": "2013 RT Service Pack 1"
                },
                {
                  "status": "affected",
                  "version": "2016 for Mac"
                },
                {
                  "status": "affected",
                  "version": "2016 (32-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit edition)"
                },
                {
                  "status": "affected",
                  "version": "2019 for 32-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for 64-bit editions"
                },
                {
                  "status": "affected",
                  "version": "2019 for Mac"
                }
              ]
            },
            {
              "product": "Microsoft Lync",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Lync Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2013 Service Pack 1 (64-bit)"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Skype for Business",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Skype for Business Basic",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2016 (32-bit)"
                },
                {
                  "status": "affected",
                  "version": "2016 (64-bit)"
                }
              ]
            },
            {
              "product": "Office 365 ProPlus",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "32-bit Systems"
                },
                {
                  "status": "affected",
                  "version": "64-bit Systems"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 13"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 2"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 23"
                }
              ]
            },
            {
              "product": "Mail and Calendar",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            },
            {
              "product": "Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "unspecified"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-15T18:56:21.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-1084",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 2 (32-bit editions)"
                              },
                              {
                                "version_value": "2010 Service Pack 2 (64-bit editions)"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Office",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit editions)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit editions)"
                              },
                              {
                                "version_value": "2013 RT Service Pack 1"
                              },
                              {
                                "version_value": "2016 for Mac"
                              },
                              {
                                "version_value": "2016 (32-bit edition)"
                              },
                              {
                                "version_value": "2016 (64-bit edition)"
                              },
                              {
                                "version_value": "2019 for 32-bit editions"
                              },
                              {
                                "version_value": "2019 for 64-bit editions"
                              },
                              {
                                "version_value": "2019 for Mac"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Lync Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2013 Service Pack 1 (32-bit)"
                              },
                              {
                                "version_value": "2013 Service Pack 1 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Outlook for Android",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Skype for Business Basic",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2016 (32-bit)"
                              },
                              {
                                "version_value": "2016 (64-bit)"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Office 365 ProPlus",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "32-bit Systems"
                              },
                              {
                                "version_value": "64-bit Systems"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              },
                              {
                                "version_value": "Cumulative Update 13"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              },
                              {
                                "version_value": "Cumulative Update 2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 23"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Mail and Calendar",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Outlook for iOS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": ""
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-1084",
        "datePublished": "2019-07-15T18:56:21.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T18:06:31.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0858 (GCVE-0-2019-0858)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:19 – Updated: 2024-08-04 17:58
    VLAI
    Summary
    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 11"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0817."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:19:48.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0858",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 11"
                              },
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0817."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0858"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0858",
        "datePublished": "2019-04-09T20:19:48.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:58:59.835Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0817 (GCVE-0-2019-0817)

    Vulnerability from cvelistv5 – Published: 2019-04-09 20:16 – Updated: 2024-08-04 17:58
    VLAI
    Summary
    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
    Severity
    No CVSS data available.
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:58:59.015Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "2010 Service Pack 3"
                },
                {
                  "status": "affected",
                  "version": "2019"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 11"
                },
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0858."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-09T20:16:25.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0817",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2010 Service Pack 3"
                              },
                              {
                                "version_value": "2019"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 11"
                              },
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka \u0027Microsoft Exchange Spoofing Vulnerability\u0027. This CVE ID is unique from CVE-2019-0858."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Spoofing"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817",
                  "refsource": "MISC",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0817"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0817",
        "datePublished": "2019-04-09T20:16:25.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:58:59.015Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0724 (GCVE-0-2019-0724)

    Vulnerability from cvelistv5 – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.357Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
              },
              {
                "name": "106906",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106906"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2010",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3 Update Rollup 26"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0686."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
            },
            {
              "name": "106906",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106906"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0724",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2010",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3 Update Rollup 26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0686."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724"
                },
                {
                  "name": "106906",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106906"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0724",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.357Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0686 (GCVE-0-2019-0686)

    Vulnerability from cvelistv5 – Published: 2019-03-06 00:00 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
    Severity
    No CVSS data available.
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2019-03-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.156Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
              },
              {
                "name": "106937",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106937"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Exchange Server 2010",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Service Pack 3 Update Rollup 26"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2013",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 22"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2016",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 12"
                }
              ]
            },
            {
              "product": "Microsoft Exchange Server 2019",
              "vendor": "Microsoft",
              "versions": [
                {
                  "status": "affected",
                  "version": "Cumulative Update 1"
                }
              ]
            }
          ],
          "datePublic": "2019-03-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0724."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-03-06T10:57:01.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
            },
            {
              "name": "106937",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106937"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2019-0686",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Microsoft Exchange Server 2010",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Service Pack 3 Update Rollup 26"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2013",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 22"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2016",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 12"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Microsoft Exchange Server 2019",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Cumulative Update 1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2019-0724."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of Privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0686"
                },
                {
                  "name": "106937",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106937"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2019-0686",
        "datePublished": "2019-03-06T00:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.156Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }