Description
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0588
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106437
Scores
CVSS v3
6.5
EPSS
0.0151
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-732
Status
published
Products (4)
microsoft/exchange_server
2010 sp3_rollup25
microsoft/exchange_server
2013 cumulative_update_21
microsoft/exchange_server
2016 cumulative_update_10 (2 CPE variants)
microsoft/exchange_server
2019
Published
Jan 08, 2019
Tracked Since
Feb 18, 2026