Elevation of Privilege Vulnerability in Microsoft Exchange Server
CVE-2019-0724

8.1HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2010; Microsoft Exchange Server 2013; Microsoft Exchange Server 2016; Microsoft Exchange Server 2019
Vendor: CVE Published:; 5 March 2019

Summary

A vulnerability in Microsoft Exchange Server allows attackers to gain increased privileges and execute unauthorized commands. This flaw can be exploited to bypass security measures, potentially leading to compromised server integrity and unauthorized access to sensitive information. Organizations are advised to apply the latest security patches to safeguard their systems.

Affected Version(s)

Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26

Microsoft Exchange Server 2013 Cumulative Update 22

Microsoft Exchange Server 2016 Cumulative Update 12

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106906

vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2019
Vulnerability Reserved
Nov 26, 2018