PT-2019-1166 · Microsoft · Exchange Server

Published

2019-01-08

Updated

2020-08-24

CVE-2019-0588

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified)

Description: The issue is related to insufficient access control in the Microsoft Exchange Server PowerShell API, which can lead to information disclosure. This allows a remote attacker to access protected information in the Calendar application. The vulnerability grants calendar contributors more view permissions than intended, enabling them to view additional details about the calendar that would normally be hidden.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-284CWE-200

Related Identifiers

BDU:2019-00210

CVE-2019-0588

Affected Products

Exchange Server

PT-2019-1166 · Microsoft · Exchange Server

CVE-2019-0588

Weakness Enumeration

Related Identifiers

Affected Products

References · 5