CVE-2019-0817

CWE-194 documents4 sources

Severity

5.4MEDIUM

EPSS

2.3%

top 15.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server Microsoft Microsoft Exchange Server 2013 Microsoft Microsoft Exchange Server 2016 +2 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages5 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019Cumulative Update 1

▶NVDmicrosoft/exchange_server4 versions+3

▶CVEListV5microsoft/microsoft_exchange_server2010 Service Pack 3, 2019+1

▶CVEListV5microsoft/microsoft_exchange_server_2013Cumulative Update 22

▶CVEListV5microsoft/microsoft_exchange_server_2016Cumulative Update 11, Cumulative Update 12+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-85h3-h3xc-gj4h: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Excha↗2022-05-13

▶

CVEList

CVE-2019-0817: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Excha↗2019-04-09

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Spoofing Vulnerability↗2019-04-09

▶