PT-2018-9163 · Microsoft · Exchange Server 2016+2
Cameron Vincent
·
Published
2018-03-13
·
Updated
2020-08-24
·
CVE-2018-0941
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Microsoft Exchange Server 2016 versions Cumulative Update 7 through Cumulative Update 8
Description:
An information disclosure issue exists due to how data is imported. This could allow an attacker to discover sensitive information that should otherwise not be disclosed, particularly if the impacted user is using Microsoft Exchange Outlook Web Access (OWA).
Recommendations:
For Microsoft Exchange Server 2016 Cumulative Update 7, update to a version that fixes the information disclosure vulnerability.
For Microsoft Exchange Server 2016 Cumulative Update 8, update to a version that fixes the information disclosure vulnerability.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Exchange Server
Exchange Outlook Web Access
Exchange Server 2016