CVE-2016-0138
Last modified
CVE-2016-0138 is a vulnerability of currently unknown severity. Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability.". EPSS estimates a 13.46% chance of exploitation in the next 30 days.
Description
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Exchange Server | 2007 | Sp3 |
| Microsoft | Exchange Server | 2010 | Sp3 |
| Microsoft | Exchange Server | 2013 | Cumulative Update 12 |
| Microsoft | Exchange Server | 2016 | Cumulative Update 1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-0138?
How severe is CVE-2016-0138?
How do I fix CVE-2016-0138?
Are you affected by CVE-2016-0138?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST