Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2019-1084

An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.

  • Published: Jul 15, 2019
  • Updated: Apr 13, 2023
  • CVE: CVE-2019-1084
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

Software From Fixed in
microsoft / office 2013-sp1 2013-sp1.x
microsoft / exchange_server 2016-cumulative_update_1 2016-cumulative_update_1.x
microsoft / outlook 2016 2016.x
microsoft / office 2010-sp2 2010-sp2.x
microsoft / lync 2013-sp1 2013-sp1.x
microsoft / skype_for_business 2016 2016.x
microsoft / exchange_server 2016-cumulative_update_2 2016-cumulative_update_2.x
microsoft / outlook 2013-sp1 2013-sp1.x
microsoft / exchange_server 2010-sp2 2010-sp2.x
microsoft / office 2016 2016.x
microsoft / office 2019 2019.x
microsoft / skype_for_business_basic 2016 2016.x
microsoft / lync_basic 2013-sp1 2013-sp1.x
microsoft / exchange_server 2016-cumulative_update_12 2016-cumulative_update_12.x
microsoft / exchange_server 2013-cumulative_update_23 2013-cumulative_update_23.x
microsoft / exchange_server 2016-cumulative_update_13 2016-cumulative_update_13.x