Vulners
Lucene search
CVE-2019-0724
🗓️ 06 Mar 2019 00:00:00Reported by microsoftType 
cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 200 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
 | Vulnerability Management at Tinkoff Fintech School | 4 Mar 201910:38 | – | avleonov |
 | The vulnerability of Microsoft Exchange Server’s mail server, related to inadequate access control, allows a hacker to alter the access rights to files. | 6 Mar 201900:00 | – | bdu_fstec |
 | CVE-2019-0724 | 18 Oct 201911:36 | – | circl |
 | Microsoft Exchange Privilege Escalation (CVE-2019-0724) | 30 Dec 201900:00 | – | checkpoint_advisories |
 | CVE-2019-0724 | 6 Mar 201900:00 | – | cvelist |
 | Cumulative Update 22 for Exchange Server 2013 | 12 Feb 201908:00 | – | mskb |
| Cumulative Update 1 for Exchange Server 2019 | 12 Feb 201908:00 | – | mskb |
| Cumulative Update 12 for Exchange Server 2016 | 12 Feb 201908:00 | – | mskb |
| Update Rollup 26 for Exchange Server 2010 Service Pack 3 | 12 Feb 201908:00 | – | mskb |
 | KLA11420 Multiple vulnerabilities in Microsoft Exchange Server | 12 Feb 201900:00 | – | kaspersky |
10
Node
OROROR
[
{
"product": "Microsoft Exchange Server 2010",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Service Pack 3 Update Rollup 26"
}
]
},
{
"product": "Microsoft Exchange Server 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 22"
}
]
},
{
"product": "Microsoft Exchange Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 12"
}
]
},
{
"product": "Microsoft Exchange Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 1"
}
]
}
]| Source | Link |
|---|---|
| securityfocus | www.securityfocus.com/bid/106906 |
| portal | www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0724 |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| PushSubscriptionRequest | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| URL | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| EventTypes | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| StatusFrequency | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| Subscribe | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| NewMailEvent | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| ModifiedEvent | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. | |
| MovedEvent | request body | /EWS/Exchange.asmx | Exploits Exchange PushSubscription to relay NTLM authentication to attacker-controlled URL. |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 02:08Current
7.5High risk
Vulners AI Score7.5
CVSS 3.18.1
CVSS 29.3
EPSS0.23799