CVE-2019-0588

Description

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

Affected products

• Microsoft / Microsoft Exchange Server2010 Service Pack 3 Update Rollup 25 – 2010 Service Pack 3 Update Rollup 25
• Microsoft / Microsoft Exchange Server2013 Cumulative Update 21 – 2013 Cumulative Update 21
• Microsoft / Microsoft Exchange Server2016 Cumulative Update 10 – 2016 Cumulative Update 10
• Microsoft / Microsoft Exchange Server2016 Cumulative Update 11 – 2016 Cumulative Update 11
• Microsoft / Microsoft Exchange Server2019 – 2019

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0588
• MISChttp://www.securityfocus.com/bid/106437