Description
Microsoft Exchange Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell. The attacker would then be able to view additional details about the calendar that would normally be hidden.
The security update addresses the vulnerability by modifying how the Exchange PowerShell API grants permissions to contributors.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is miscellaneous details from calendar entries such as the subject of a meeting, which would otherwise not be disclosed.
Updates
Product | Article | Update |
---|---|---|
Microsoft Exchange Server 2013 Cumulative Update 21 | ||
Microsoft Exchange Server 2016 Cumulative Update 10 | ||
Microsoft Exchange Server 2019 | ||
Microsoft Exchange Server 2016 Cumulative Update 11 | ||
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 25 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Related vulnerabilities
An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.
A vulnerability in the PowerShell API of the Microsoft Exchange Server mail server that allows an attacker to gain access to protected information
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability