Описание
Microsoft Exchange Server Information Disclosure Vulnerability
FAQ
According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
An authenticated attacker could exploit this vulnerability with LAN access.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?
Yes, the attacker must be authenticated with LAN-access and have credentials for a valid Exchange user.
What updates do I need to install to be protected from this vulnerability?
Customers need to install the August 2023 Exchange security updates which are listed in the Security Updates table. Customers who have already August 2023 security updates are already protected from this vulnerability.
Is there more information available?
Yes, please see September 2023 release of new Exchange Server CVEs for more information.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft Exchange Server 2019 Cumulative Update 13 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
5.7 Medium
CVSS3
Связанные уязвимости
Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
Уязвимость класса ProjectInstance почтового сервера Microsoft Exchange Server, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.7 Medium
CVSS3