Published: 14/09/2016 Updated: 12/10/2018

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft exchange server 2013
microsoft exchange server 2016
microsoft exchange server 2007
microsoft exchange server 2010

CWE-200 http://www.securityfocus.com/bid/92806 http://www.securitytracker.com/id/1036778 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-0138

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect