cbcvebase.
CVE-2016-0138
published 2016-09-14

CVE-2016-0138: Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative…

PriorityP428medium4.3CVSS 3.0
AVNACLPRLUINSUCLINAN
EPSS
13.46%
96.0th percentile
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Affected

11 ranges
VendorProductVersion rangeFixed in
microsoftexchange_server
microsoftexchange_server
microsoftexchange_server
microsoftexchange_server
msrcmicrosoft_exchange_server_2007_service_pack_3
msrcmicrosoft_exchange_server_2010_service_pack_3
msrcmicrosoft_exchange_server_2013_cumulative_update_12
msrcmicrosoft_exchange_server_2013_cumulative_update_13
msrcmicrosoft_exchange_server_2013_service_pack_1
msrcmicrosoft_exchange_server_2016_cumulative_update_1
msrcmicrosoft_exchange_server_2016_cumulative_update_2

CVSS provenance

nvdv3.04.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
vendor_msrc4.3HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.