Exchange Server Security Vulnerabilities
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
5.4CVSS
7AI Score
0.004EPSS
A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.
7.8CVSS
7.8AI Score
0.243EPSS
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
9.8CVSS
9.4AI Score
0.548EPSS
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
4.3CVSS
6.5AI Score
0.001EPSS
An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
5.4CVSS
6.1AI Score
0.004EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
4.3CVSS
4.2AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
9.8CVSS
9.4AI Score
0.359EPSS
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.
6.5CVSS
7AI Score
0.001EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
7.4CVSS
7.5AI Score
0.078EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
8.1CVSS
7.5AI Score
0.078EPSS
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
5.4CVSS
5.5AI Score
0.001EPSS
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.
6.1CVSS
5.5AI Score
0.001EPSS
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisib...
6.5CVSS
5.3AI Score
0.005EPSS
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
8.1CVSS
5.7AI Score
0.003EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
5.4CVSS
5AI Score
0.001EPSS
A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.
7.5CVSS
7.1AI Score
0.002EPSS
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.
6.1CVSS
6.3AI Score
0.001EPSS
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
9.8CVSS
9.7AI Score
0.045EPSS
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
8.1CVSS
7.9AI Score
0.003EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
5.4CVSS
5.1AI Score
0.001EPSS
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p><p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authe...
<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p><p>To exploit the vulnerability, an attacker could include...
7.1CVSS
6.6AI Score
0.001EPSS
5.5CVSS
6.7AI Score
0.013EPSS
8.5CVSS
8.4AI Score
0.013EPSS
6.2CVSS
6.3AI Score
0.001EPSS
6.6CVSS
7.6AI Score
0.015EPSS
8.4CVSS
8.9AI Score
0.025EPSS
9.1CVSS
8.9AI Score
0.034EPSS
8.8CVSS
8.2AI Score
0.004EPSS
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p><p>This update addresses this vulnerability.</p><p>To prevent these types of attacks, Microsoft recommends customers to download inline imag...
5.4CVSS
5.6AI Score
0.001EPSS
6.5CVSS
6AI Score
0.001EPSS
9.1CVSS
8.8AI Score
0.036EPSS
9CVSS
8.3AI Score
0.004EPSS
6.6CVSS
8.1AI Score
0.007EPSS
9.1CVSS
8.8AI Score
0.036EPSS
9.8CVSS
9.2AI Score
0.035EPSS
8.8CVSS
9.2AI Score
0.013EPSS
9CVSS
9.2AI Score
0.002EPSS
6.5CVSS
7.5AI Score
0.916EPSS
7.8CVSS
8.2AI Score
0.006EPSS