CVE-2019-1137

Summary

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Exchange Server 2016Cumulative Update 12affected
MicrosoftMicrosoft Exchange Server 2016Cumulative Update 13affected
MicrosoftMicrosoft Exchange Server 2019Cumulative Update 1affected
MicrosoftMicrosoft Exchange Server 2019Cumulative Update 2affected
MicrosoftMicrosoft Exchange Server 2013Cumulative Update 23affected

Weaknesses

  • Spoofing

ADP Enrichment

CVE Program Container

Additional References

References