Exchange Server
by Microsoft
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1136 | | | 0.00 | — | 0.03 | | Jul 29, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. |
| CVE-2019-0858 | | | 0.00 | — | 0.02 | | Apr 9, 2019 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817. |
| CVE-2019-0817 | | | 0.00 | — | 0.02 | | Apr 9, 2019 | A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. |
| CVE-2019-0588 | | | 0.00 | — | 0.05 | | Jan 8, 2019 | An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server. |
| CVE-2018-8604 | | | 0.00 | — | 0.03 | | Dec 12, 2018 | A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server. |
| CVE-2015-1771 | | | 0.00 | — | 0.06 | | Jun 10, 2015 | Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability." |
| CVE-2005-0738 | | | 0.00 | — | 0.05 | | May 2, 2005 | Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a… |
| CVE-2002-1876 | | | 0.00 | — | 0.05 | | Dec 31, 2002 | Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. |
| CVE-2002-0507 | | | 0.00 | — | 0.02 | | Aug 12, 2002 | An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually… |
| CVE-2001-0666 | | | 0.00 | — | 0.02 | | Oct 30, 2001 | Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox. |
| CVE-2000-1139 | | | 0.00 | — | 0.05 | | Jan 9, 2001 | The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability. |
| CVE-2000-0216 | | | 0.00 | — | 0.05 | | Feb 29, 2000 | Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution… |
| CVE-1999-1322 | | | 0.00 | — | 0.01 | | Nov 12, 1998 | The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext. |