Published: 08/01/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft exchange server 2010
microsoft exchange server 2013
microsoft exchange server 2016
microsoft exchange server 2019

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)

The Register • Shaun Nichols in San Francisco • 08 Jan 2019

Hyper-V, DHCP, Word, and more. Plus, bonus shock: Adobe spares Flash in January patch dump

Patch Tuesday Microsoft has released the first Patch Tuesday bundle of the year, patching up 49 CVE-listed security vulnerabilities and issuing two advisories. The January edition of Patch Tuesday includes critical fixes for Windows 10, Exchange Server, and Hyper-V. Among the 49 bug fixes were patches for remote code execution flaws in DHCP (CVE-2019-0547) and an Exchange memory corruption flaw (CVE-2019-0586) that Trend Micro ZDI researcher Dustin Childs warns is particularly dangerous as it ca...

CVE-2019-0588

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect