CVE-2019-0858

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 26.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server Microsoft Microsoft Exchange Server 2013 Microsoft Microsoft Exchange Server 2016 +2 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019Cumulative Update 1

▶NVDmicrosoft/exchange_server2013, 2016, 2019+2

▶CVEListV5microsoft/microsoft_exchange_server2019

▶CVEListV5microsoft/microsoft_exchange_server_2013Cumulative Update 22

▶CVEListV5microsoft/microsoft_exchange_server_2016Cumulative Update 11, Cumulative Update 12+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-q2p4-2448-29qg: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Excha↗2022-05-13

▶

CVEList

CVE-2019-0858: A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Excha↗2019-04-09

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Spoofing Vulnerability↗2019-04-09

▶