fkie_cve-2019-1137
Vulnerability from fkie_nvd
Published
2019-07-15 19:15
Modified
2024-11-21 04:36
Severity ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
"matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "965D1161-47A9-465C-ADF7-ED7163A09685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "E2D3E12E-5872-4775-8F4D-24C1BB315195",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "5F21DAA0-7075-41E1-96BD-F3D77D237248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "D0CE2398-7B53-4F42-BF77-660A52CDD5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "1FF4FB22-54EE-479D-903E-62C0A70083D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_14:*:*:*:*:*:*",
"matchCriteriaId": "50E65149-EAEC-422F-ACCD-5FBE8512942A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_15:*:*:*:*:*:*",
"matchCriteriaId": "ACFD3751-7597-4246-A1D6-E50B94A1549E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*",
"matchCriteriaId": "AD8BCE7D-51F0-41A2-A110-71044844C651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_17:*:*:*:*:*:*",
"matchCriteriaId": "3A170414-3B67-4A2E-B788-7DA125F06C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_18:*:*:*:*:*:*",
"matchCriteriaId": "41D7F6EA-BFFE-4AAA-A866-D412545552C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_19:*:*:*:*:*:*",
"matchCriteriaId": "20E4796E-3E9B-473E-A7E3-498540185FBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "98E44DB0-586F-4CD3-B02B-33F2486FDD26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_20:*:*:*:*:*:*",
"matchCriteriaId": "8076F450-BC75-420B-99F7-05D3CCA50E74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*",
"matchCriteriaId": "B560F8FD-068E-4A16-A37F-A62DCE88FCF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*",
"matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "E559127D-EF3D-463B-ACC9-CD09AB7148A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "75C063F3-C2E5-4FF6-9C35-93CC1E6EC04F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "F3C0FF4E-F33C-427C-88E7-D77D9C36D972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "0CEBECD2-15D7-4344-85F6-92671E4190C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "6DB7597A-64B0-48F1-AC53-723624B08B16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "38BAC543-C664-4FFC-B55A-9409372550B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
"matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "56728785-188C-470A-9692-E6C7235109CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "FE401B0A-DDE4-4A36-8E27-6DB14E094BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:*",
"matchCriteriaId": "450319C4-7C8F-43B7-B7F8-80DA4F1F2817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "4FC34516-D7E7-4AD9-9B45-5474831548E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "5211792E-5292-41C0-B7E9-8AA63EC606EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Microsoft Exchange Server no sanea apropiadamente una petici\u00f3n web especialmente dise\u00f1ada para un servidor de Exchange afectado, tambi\u00e9n se conoce como \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027."
}
],
"id": "CVE-2019-1137",
"lastModified": "2024-11-21T04:36:05.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-15T19:15:21.327",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…