VYPR

Exchange Server

by Microsoft

CVEs (233)

  • CVE-2019-1136Jul 29, 2019
    risk 0.00cvss epss 0.03

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

  • CVE-2019-0858Apr 9, 2019
    risk 0.00cvss epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0817.

  • CVE-2019-0817Apr 9, 2019
    risk 0.00cvss epss 0.02

    A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

  • CVE-2019-0588Jan 8, 2019
    risk 0.00cvss epss 0.05

    An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2018-8604Dec 12, 2018
    risk 0.00cvss epss 0.03

    A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

  • CVE-2015-1771Jun 10, 2015
    risk 0.00cvss epss 0.06

    Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka "Exchange Cross-Site Request Forgery Vulnerability."

  • CVE-2005-0738May 2, 2005
    risk 0.00cvss epss 0.05

    Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a…

  • CVE-2002-1876Dec 31, 2002
    risk 0.00cvss epss 0.05

    Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.

  • CVE-2002-0507Aug 12, 2002
    risk 0.00cvss epss 0.02

    An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually…

  • CVE-2001-0666Oct 30, 2001
    risk 0.00cvss epss 0.02

    Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.

  • CVE-2000-1139Jan 9, 2001
    risk 0.00cvss epss 0.05

    The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

  • CVE-2000-0216Feb 29, 2000
    risk 0.00cvss epss 0.05

    Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution…

  • CVE-1999-1322Nov 12, 1998
    risk 0.00cvss epss 0.01

    The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

Page 12 of 12