Vulners
Lucene search
CVE-2020-0688
🗓️ 11 Feb 2020 21:22:59Reported by microsoftType 
cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 2660 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 144 |
|---|---|---|---|---|
 | Background Intelligent Transfer Service CVE-2020-0787 - Privilege Escalation | 12 Jun 202013:15 | – | 0daydb |
 | Microsoft Exchange 2019 15.2.221.12 - Authenticated Remote Code Execution Exploit | 2 Mar 202000:00 | – | zdt |
| Exchange Control Panel Viewstate Deserialization Exploit | 5 Mar 202000:00 | – | zdt |
| Background Intelligent Transfer Service Privilege Escalation Exploit | 12 Jun 202000:00 | – | zdt |
 | Exploit for Improper Authentication in Microsoft | 22 Apr 202007:28 | – | githubexploit |
| Exploit for Improper Authentication in Microsoft | 4 Jan 202110:48 | – | githubexploit |
| Exploit for Improper Authentication in Microsoft | 25 Feb 202023:44 | – | githubexploit |
| Exploit for Improper Authentication in Microsoft | 19 Mar 202016:39 | – | githubexploit |
| Exploit for Improper Authentication in Microsoft | 9 May 202412:50 | – | githubexploit |
| Exploit for Improper Authentication in Microsoft | 28 Feb 202016:04 | – | githubexploit |
10
Node
OROROROROR
[
{
"product": "Microsoft Exchange Server 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 23"
}
]
},
{
"product": "Microsoft Exchange Server 2019 Cumulative Update 3",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Exchange Server 2016 Cumulative Update 14",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Exchange Server 2016 Cumulative Update 15",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Exchange Server 2019 Cumulative Update 4",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| password | request body | /owa/auth.owa | POST request to authenticate that can be abused to trigger RCE via Exchange authentication flow (CVE-2020-0688) | CWE-287 |
| flags | request body | /owa/auth.owa | POST request to authenticate that can be abused to trigger RCE via Exchange authentication flow (CVE-2020-0688) | CWE-287 |
| destination | request body | /owa/auth.owa | POST request to authenticate that can be abused to trigger RCE via Exchange authentication flow (CVE-2020-0688) | CWE-287 |
| username | request body | /owa/auth.owa | POST request to authenticate that can be abused to trigger RCE via Exchange authentication flow (CVE-2020-0688) | CWE-287 |
| __VIEWSTATE | query param | /ecp/default.aspx | GET request transmitting crafted __VIEWSTATE to exploit deserialization vulnerability in Exchange Control Panel | CWE-287 |
| __VIEWSTATEGENERATOR | query param | /ecp/default.aspx | GET request transmitting crafted __VIEWSTATE to exploit deserialization vulnerability in Exchange Control Panel | CWE-287 |
10
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 02:46Current
8.5High risk
Vulners AI Score8.5
CVSS 3.18.8
CVSS 29
EPSS0.99965
SSVC