4
CVSSv2

CVE-2019-0588

Published: 08/01/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft exchange server 2010

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Recent Articles

Microsoft Patches Remote Code Execution Vulnerability in Exchange Server
BleepingComputer • Sergiu Gatlan • 10 Jan 2019

Microsoft released a
designed to patch remote code execution (RCE) and information disclosure vulnerabilities in its Microsoft Exchange Server 2019, 2016, and 2013 products.
The RCE security issue is being tracked as 
 and according to Microsoft's
it exists because "the software fails to properly handle objects in memory."
Following a successful attack of a vulnerable Microsoft Exchange Server installations, potential attackers would be able to take advanta...

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)
The Register • Shaun Nichols in San Francisco • 08 Jan 2019

Hyper-V, DHCP, Word, and more. Plus, bonus shock: Adobe spares Flash in January patch dump

Patch Tuesday Microsoft has released the first Patch Tuesday bundle of the year, patching up 49 CVE-listed security vulnerabilities and issuing two advisories.
The January edition of Patch Tuesday includes critical fixes for Windows 10, Exchange Server, and Hyper-V.
Among the 49 bug fixes were patches for remote code execution flaws in DHCP (CVE-2019-0547) and an Exchange memory corruption flaw (CVE-2019-0586) that Trend Micro ZDI researcher Dustin Childs warns is particularly danger...

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)
The Register • Shaun Nichols in San Francisco • 08 Jan 2019

Hyper-V, DHCP, Word, and more. Plus, bonus shock: Adobe spares Flash in January patch dump

Patch Tuesday Microsoft has released the first Patch Tuesday bundle of the year, patching up 49 CVE-listed security vulnerabilities and issuing two advisories.
The January edition of Patch Tuesday includes critical fixes for Windows 10, Exchange Server, and Hyper-V.
Among the 49 bug fixes were patches for remote code execution flaws in DHCP (CVE-2019-0547) and an Exchange memory corruption flaw (CVE-2019-0586) that Trend Micro ZDI researcher Dustin Childs warns is particularly danger...