CVE-2020-1493

CWE-922CWE-200Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
30.3%
top 3.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Microsoft Microsoft 365 Apps FOR EnterpriseMicrosoft Microsoft Office 2019Microsoft Microsoft Outlook 2010 Service Pack 2+4 more
Timeline
PublishedAug 17
Latest updateMay 24

Description

An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The secur

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5microsoft/microsoft_outlook_201616.0.0.0publication
CVEListV5microsoft/microsoft_outlook_2010_service_pack_213.0.0.0publication
CVEListV5microsoft/microsoft_outlook_2013_service_pack_115.0.0.0publication
NVDmicrosoft/outlook2010, 2013, 2016+2
CVEListV5microsoft/microsoft_office_201919.0.0https://aka.ms/OfficeSecurityReleases

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-w39r-2vjm-hgjq: An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'2022-05-24
CVEList
Microsoft Outlook Information Disclosure Vulnerability2020-08-17

📋Vendor Advisories

1
Microsoft
Microsoft Outlook Information Disclosure Vulnerability2020-08-11
CVE-2020-1493 (MEDIUM CVSS 5.5) | An information disclosure vulnerabi | cvebase.io