Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-1084
HistoryJul 15, 2019 - 7:15 p.m.

CVE-2019-1084

2019-07-1519:15:17
CWE-200
[email protected]
web.nvd.nist.gov
2

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka ‘Microsoft Exchange Information Disclosure Vulnerability’.

Affected configurations

NVD
Node
microsoftexchange_serverMatch2010sp2
OR
microsoftexchange_serverMatch2013cumulative_update_23
OR
microsoftexchange_serverMatch2016cumulative_update_1
OR
microsoftexchange_serverMatch2016cumulative_update_12
OR
microsoftexchange_serverMatch2016cumulative_update_13
OR
microsoftexchange_serverMatch2016cumulative_update_2
OR
microsoftlyncMatch2013sp1
OR
microsoftlync_basicMatch2013sp1
OR
microsoftmail_and_calendarMatch-
OR
microsoftofficeMatch2010sp2
OR
microsoftofficeMatch2013sp1
OR
microsoftofficeMatch2016
OR
microsoftofficeMatch2016mac_os
OR
microsoftofficeMatch2019
OR
microsoftofficeMatch2019macos
OR
microsoftoffice_365_proplusMatch-
OR
microsoftoutlookMatch-iphone_os
OR
microsoftoutlookMatch2013sp1
OR
microsoftoutlookMatch2016
OR
microsoftoutlookMatch2016android
OR
microsoftskype_for_businessMatch2016
OR
microsoftskype_for_business_basicMatch2016

Related

cve 1
prion 1
openvas 8
nessus 6
mskb 10
symantec 1
mscve 5
cvelist 1
kaspersky 3
talosblog 1
cve
cve
CVE-2019-1084
2019-07-15 19:15:17
prion
prion
Information disclosure
2019-07-15 19:15:00
openvas
openvas
Microsoft Outlook 2010 Service Pack 2 Information Disclosure Vulnerability (KB4475509)
2019-07-10 00:00:00
Microsoft Outlook 2013 Service Pack 1 Information Disclosure Vulnerability (KB4464592)
2019-07-10 00:00:00
Microsoft Office 2016 Information Disclosure Vulnerability (KB4475514)
2019-07-10 00:00:00
nessus
nessus
Security Updates for Microsoft Skype for Business and Microsoft Lync (July 2019)
2019-07-11 00:00:00
Security Updates for Outlook (July 2019)
2019-07-09 00:00:00
Security Updates for Exchange (July 2019)
2019-07-09 00:00:00
mskb
mskb
Description of the security update for Outlook 2016: July 9, 2019
2019-07-09 07:00:00
Description of the security update for Office 2016: July 9, 2019
2019-07-09 07:00:00
Description of the security update for Outlook 2013: July 9, 2019
2019-07-09 07:00:00
symantec
symantec
Microsoft Exchange Server CVE-2019-1084 Information Disclosure Vulnerability
2019-07-09 00:00:00
mscve
mscve
Microsoft Exchange Information Disclosure Vulnerability
2019-07-09 07:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-03-02 08:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-03-02 08:00:00
cvelist
cvelist
CVE-2019-1084
2019-07-15 18:56:21
kaspersky
kaspersky
KLA11820 Multiple vulnerabilities in Microsoft Apps
2019-07-09 00:00:00
KLA11518 Multiple vulnerabilities in Microsoft Exchange Server
2019-07-09 00:00:00
KLA11512 Multiple vulnerabilities in Microsoft Office
2019-07-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.1%

JSON
Related for NVD:CVE-2019-1084
cve1prion1openvas8nessus6mskb10symantec1mscve5cvelist1kaspersky3talosblog1