Lucene search

[email protected]CVE-2019-0724

HistoryMar 06, 2019 - 12:00 a.m.

CVE-2019-0724

2019-03-0600:00:00

[email protected]

web.nvd.nist.gov

143

cve-2019-0724

microsoft exchange server

elevation of privilege

vulnerability

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.075 Low

EPSS

Percentile

94.2%

JSON

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka ‘Microsoft Exchange Server Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0686.

Affected configurations

Vulners

NVD

Node

microsoftmicrosoft_exchange_server_2010MatchService Pack 3 Update Rollup 26

microsoftmicrosoft_exchange_server_2013MatchCumulative Update 22

microsoftmicrosoft_exchange_server_2016MatchCumulative Update 12

microsoftmicrosoft_exchange_server_2019MatchCumulative Update 1

VendorProductVersionCPE
microsoftmicrosoft_exchange_server_2010Service Pack 3 Update Rollup 26cpe:2.3:a:microsoft:microsoft_exchange_server_2010:Service Pack 3 Update Rollup 26:*:*:*:*:*:*:*
microsoftmicrosoft_exchange_server_2013Cumulative Update 22cpe:2.3:a:microsoft:microsoft_exchange_server_2013:Cumulative Update 22:*:*:*:*:*:*:*
microsoftmicrosoft_exchange_server_2016Cumulative Update 12cpe:2.3:a:microsoft:microsoft_exchange_server_2016:Cumulative Update 12:*:*:*:*:*:*:*
microsoftmicrosoft_exchange_server_2019Cumulative Update 1cpe:2.3:a:microsoft:microsoft_exchange_server_2019:Cumulative Update 1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	microsoft_exchange_server_2010	Service Pack 3 Update Rollup 26	cpe:2.3:a:microsoft:microsoft_exchange_server_2010:Service Pack 3 Update Rollup 26:::::::*
microsoft	microsoft_exchange_server_2013	Cumulative Update 22	cpe:2.3:a:microsoft:microsoft_exchange_server_2013:Cumulative Update 22:::::::*
microsoft	microsoft_exchange_server_2016	Cumulative Update 12	cpe:2.3:a:microsoft:microsoft_exchange_server_2016:Cumulative Update 12:::::::*
microsoft	microsoft_exchange_server_2019	Cumulative Update 1	cpe:2.3:a:microsoft:microsoft_exchange_server_2019:Cumulative Update 1:::::::*

CNA Affected

[
  {
    "product": "Microsoft Exchange Server 2010",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Service Pack 3 Update Rollup 26"
      }
    ]
  },
  {
    "product": "Microsoft Exchange Server 2013",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Cumulative Update 22"
      }
    ]
  },
  {
    "product": "Microsoft Exchange Server 2016",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Cumulative Update 12"
      }
    ]
  },
  {
    "product": "Microsoft Exchange Server 2019",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Cumulative Update 1"
      }
    ]
  }
]