Elevation of Privilege Vulnerability in Microsoft Exchange Server
CVE-2019-0686

7.4HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2010; Microsoft Exchange Server 2013; Microsoft Exchange Server 2016; Microsoft Exchange Server 2019
Vendor: CVE Published:; 5 March 2019

What is CVE-2019-0686?

An elevation of privilege vulnerability exists in Microsoft Exchange Server, allowing an authenticated attacker to execute code with elevated privileges. This could lead to unauthorized access to sensitive data and administrative functions. It is crucial for organizations using affected versions to apply necessary security updates to mitigate potential security risks.

Affected Version(s)

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26

Microsoft Exchange Server 2013 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 12

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106937

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 26, 2018