Medium severity4.3NVD Advisory· Published Sep 14, 2016· Updated Jun 17, 2026
CVE-2016-0138
CVE-2016-0138
Description
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:microsoft:exchange_server:2007:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*
- (no CPE)range: 2007 SP3, 2010 SP3, 2013 SP1, 2013 CU12, 2013 CU13, 2016 CU1, 2016 CU2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.