CVE-2019-0588Incorrect Permission Assignment in Microsoft Exchange Server

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
2.0%
top 16.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Exchange ServerMicrosoft Exchange Server
Timeline
PublishedJan 8
Latest updateMay 13

Description

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDmicrosoft/exchange_server4 versions+3
CVEListV5microsoft/microsoft_exchange_server5 versions+4

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-rccg-m8rw-5858: An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than inte2022-05-13
CVEList
CVE-2019-0588: An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than inte2019-01-08

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Information Disclosure Vulnerability2019-01-08

💬Community

1
Bugzilla
CVE-2019-14894 CloudForms: RCE vulnerability in NFS schedule backup2019-11-06
CVE-2019-0588 — Incorrect Permission Assignment | cvebase