CVE-2016-0138

Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."

Published: Sep 14, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-0138
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2010-sp3	2010-sp3.x
microsoft / exchange_server	2013-cumulative_update_13	2013-cumulative_update_13.x
microsoft / exchange_server	2016-cumulative_update_1	2016-cumulative_update_1.x
microsoft / exchange_server	2007-sp3	2007-sp3.x
microsoft / exchange_server	2013-sp1	2013-sp1.x
microsoft / exchange_server	2013-cumulative_update_12	2013-cumulative_update_12.x
microsoft / exchange_server	2016-cumulative_update_2	2016-cumulative_update_2.x

Vulnerability Database

289,697

CVE-2016-0138