6.5
CVE-2019-1084
- EPSS 7.82%
- Veröffentlicht 15.07.2019 19:15:17
- Zuletzt bearbeitet 21.11.2024 04:35:59
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Exchange Server Version2010 Updatesp2
Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_1
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_12
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_13
Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_2
Microsoft ≫ Lync Basic Version2013 Updatesp1
Microsoft ≫ Mail And Calendar Version-
Microsoft ≫ Office 365 Proplus Version-
Microsoft ≫ Skype For Business Version2016
Microsoft ≫ Skype For Business Basic Version2016
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.82% | 0.917 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.