Medium severity4.3NVD Advisory· Published Sep 14, 2016· Updated May 6, 2026

CVE-2016-0138

Description

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/92806nvd
www.securitytracker.com/id/1036778nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-108nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.012
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000