CVE-2019-1137 - Vulnerability Details

Vendors	Products
Microsoft	Exchange Server

Link	Providers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Microsoft Exchange Server 2016", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Cumulative Update 12"}, {"status": "affected", "version": "Cumulative Update 13"}]}, {"product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Cumulative Update 1"}, {"status": "affected", "version": "Cumulative Update 2"}]}, {"product": "Microsoft Exchange Server 2013", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "Cumulative Update 23"}]}], "descriptions": [{"lang": "en", "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'."}], "problemTypes": [{"descriptions": [{"description": "Spoofing", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-29T14:14:05", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-1137", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Microsoft Exchange Server 2016", "version": {"version_data": [{"version_value": "Cumulative Update 12"}, {"version_value": "Cumulative Update 13"}]}}, {"product_name": "Microsoft Exchange Server 2019", "version": {"version_data": [{"version_value": "Cumulative Update 1"}, {"version_value": "Cumulative Update 2"}]}}, {"product_name": "Microsoft Exchange Server 2013", "version": {"version_data": [{"version_value": "Cumulative Update 23"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Spoofing"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:06:31.728Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1137", "datePublished": "2019-07-29T14:14:05", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T18:06:31.728Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Microsoft Exchange Server 2016 (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : Cumulative Update 12 (string)

}

1 : { »

status : affected (string)

version : Cumulative Update 13 (string)

}

]

}

1 : { »

product : Microsoft Exchange Server 2019 (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : Cumulative Update 1 (string)

}

1 : { »

status : affected (string)

version : Cumulative Update 2 (string)

}

]

}

2 : { »

product : Microsoft Exchange Server 2013 (string)

vendor : Microsoft (string)

versions : [ »

0 : { »

status : affected (string)

version : Cumulative Update 23 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Spoofing (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-07-29T14:14:05 (string)

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@microsoft.com (string)

ID : CVE-2019-1137 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Microsoft Exchange Server 2016 (string)

version : { »

version_data : [ »

0 : { »

version_value : Cumulative Update 12 (string)

}

1 : { »

version_value : Cumulative Update 13 (string)

}

]

}

1 : { »

product_name : Microsoft Exchange Server 2019 (string)

version : { »

version_data : [ »

0 : { »

version_value : Cumulative Update 1 (string)

}

1 : { »

version_value : Cumulative Update 2 (string)

}

]

}

2 : { »

product_name : Microsoft Exchange Server 2013 (string)

version : { »

version_data : [ »

0 : { »

version_value : Cumulative Update 23 (string)

}

]

}

]

}

vendor_name : Microsoft (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Spoofing (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

refsource : MISC (string)

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T18:06:31.728Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2019-1137 (string)

datePublished : 2019-07-29T14:14:05 (string)

dateReserved : 2018-11-26T00:00:00 (string)

dateUpdated : 2024-08-04T18:06:31.728Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*", "matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "965D1161-47A9-465C-ADF7-ED7163A09685", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:*", "matchCriteriaId": "E2D3E12E-5872-4775-8F4D-24C1BB315195", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:*", "matchCriteriaId": "5F21DAA0-7075-41E1-96BD-F3D77D237248", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:*", "matchCriteriaId": "D0CE2398-7B53-4F42-BF77-660A52CDD5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:*", "matchCriteriaId": "1FF4FB22-54EE-479D-903E-62C0A70083D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_14:*:*:*:*:*:*", "matchCriteriaId": "50E65149-EAEC-422F-ACCD-5FBE8512942A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_15:*:*:*:*:*:*", "matchCriteriaId": "ACFD3751-7597-4246-A1D6-E50B94A1549E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:*", "matchCriteriaId": "AD8BCE7D-51F0-41A2-A110-71044844C651", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_17:*:*:*:*:*:*", "matchCriteriaId": "3A170414-3B67-4A2E-B788-7DA125F06C7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_18:*:*:*:*:*:*", "matchCriteriaId": "41D7F6EA-BFFE-4AAA-A866-D412545552C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_19:*:*:*:*:*:*", "matchCriteriaId": "20E4796E-3E9B-473E-A7E3-498540185FBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "98E44DB0-586F-4CD3-B02B-33F2486FDD26", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_20:*:*:*:*:*:*", "matchCriteriaId": "8076F450-BC75-420B-99F7-05D3CCA50E74", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*", "matchCriteriaId": "B560F8FD-068E-4A16-A37F-A62DCE88FCF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*", "matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", "matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:*", "matchCriteriaId": "E559127D-EF3D-463B-ACC9-CD09AB7148A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_5:*:*:*:*:*:*", "matchCriteriaId": "75C063F3-C2E5-4FF6-9C35-93CC1E6EC04F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_6:*:*:*:*:*:*", "matchCriteriaId": "F3C0FF4E-F33C-427C-88E7-D77D9C36D972", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_7:*:*:*:*:*:*", "matchCriteriaId": "0CEBECD2-15D7-4344-85F6-92671E4190C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_8:*:*:*:*:*:*", "matchCriteriaId": "6DB7597A-64B0-48F1-AC53-723624B08B16", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_9:*:*:*:*:*:*", "matchCriteriaId": "38BAC543-C664-4FFC-B55A-9409372550B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*", "matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "56728785-188C-470A-9692-E6C7235109CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", "matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", "matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", "matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", "matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:*", "matchCriteriaId": "FE401B0A-DDE4-4A36-8E27-6DB14E094BE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:*", "matchCriteriaId": "450319C4-7C8F-43B7-B7F8-80DA4F1F2817", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*", "matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*", "matchCriteriaId": "4FC34516-D7E7-4AD9-9B45-5474831548E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*", "matchCriteriaId": "5211792E-5292-41C0-B7E9-8AA63EC606EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", "matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", "matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*", "matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", "matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", "matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Microsoft Exchange Server no sanea apropiadamente una petici\u00f3n web especialmente dise\u00f1ada para un servidor de Exchange afectado, tambi\u00e9n se conoce como 'Microsoft Exchange Server Spoofing Vulnerability'."}], "id": "CVE-2019-1137", "lastModified": "2024-11-21T04:36:05.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-15T19:15:21.327", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:* (string)

matchCriteriaId : 27EF8DB7-D5A0-47A8-9F69-7D0259490D69 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:* (string)

matchCriteriaId : 965D1161-47A9-465C-ADF7-ED7163A09685 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_10:*:*:*:*:*:* (string)

matchCriteriaId : E2D3E12E-5872-4775-8F4D-24C1BB315195 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_11:*:*:*:*:*:* (string)

matchCriteriaId : 5F21DAA0-7075-41E1-96BD-F3D77D237248 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_12:*:*:*:*:*:* (string)

matchCriteriaId : D0CE2398-7B53-4F42-BF77-660A52CDD5E6 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_13:*:*:*:*:*:* (string)

matchCriteriaId : 1FF4FB22-54EE-479D-903E-62C0A70083D5 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_14:*:*:*:*:*:* (string)

matchCriteriaId : 50E65149-EAEC-422F-ACCD-5FBE8512942A (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_15:*:*:*:*:*:* (string)

matchCriteriaId : ACFD3751-7597-4246-A1D6-E50B94A1549E (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_16:*:*:*:*:*:* (string)

matchCriteriaId : AD8BCE7D-51F0-41A2-A110-71044844C651 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_17:*:*:*:*:*:* (string)

matchCriteriaId : 3A170414-3B67-4A2E-B788-7DA125F06C7D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_18:*:*:*:*:*:* (string)

matchCriteriaId : 41D7F6EA-BFFE-4AAA-A866-D412545552C6 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_19:*:*:*:*:*:* (string)

matchCriteriaId : 20E4796E-3E9B-473E-A7E3-498540185FBF (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_2:*:*:*:*:*:* (string)

matchCriteriaId : 98E44DB0-586F-4CD3-B02B-33F2486FDD26 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_20:*:*:*:*:*:* (string)

matchCriteriaId : 8076F450-BC75-420B-99F7-05D3CCA50E74 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:* (string)

matchCriteriaId : B560F8FD-068E-4A16-A37F-A62DCE88FCF2 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:* (string)

matchCriteriaId : 751FD35F-2ECD-4B75-9589-988CC6AD3058 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* (string)

matchCriteriaId : DA166F2A-D83B-4D50-AD0B-668D813E0585 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_3:*:*:*:*:*:* (string)

matchCriteriaId : E559127D-EF3D-463B-ACC9-CD09AB7148A2 (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_5:*:*:*:*:*:* (string)

matchCriteriaId : 75C063F3-C2E5-4FF6-9C35-93CC1E6EC04F (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_6:*:*:*:*:*:* (string)

matchCriteriaId : F3C0FF4E-F33C-427C-88E7-D77D9C36D972 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_7:*:*:*:*:*:* (string)

matchCriteriaId : 0CEBECD2-15D7-4344-85F6-92671E4190C4 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_8:*:*:*:*:*:* (string)

matchCriteriaId : 6DB7597A-64B0-48F1-AC53-723624B08B16 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_9:*:*:*:*:*:* (string)

matchCriteriaId : 38BAC543-C664-4FFC-B55A-9409372550B7 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:* (string)

matchCriteriaId : 0C21F84B-E99C-451D-9EAF-6352FD2B0EAF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:* (string)

matchCriteriaId : 8039FBA1-73D4-4FF2-B183-0DCC961CBFF7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:* (string)

matchCriteriaId : 56728785-188C-470A-9692-E6C7235109CA (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:* (string)

matchCriteriaId : 63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:* (string)

matchCriteriaId : 9BE04790-85A2-4078-88CE-1787BC5172E7 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:* (string)

matchCriteriaId : CCF101BE-27FD-4E2D-A694-C606BD3D1ED7 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:* (string)

matchCriteriaId : 4DF5BDB5-205D-4B64-A49A-0152AFCF4A13 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:* (string)

matchCriteriaId : 996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:* (string)

matchCriteriaId : FE401B0A-DDE4-4A36-8E27-6DB14E094BE2 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:* (string)

matchCriteriaId : 450319C4-7C8F-43B7-B7F8-80DA4F1F2817 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:* (string)

matchCriteriaId : 23015889-48AF-40A5-862F-290E73A54E77 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:* (string)

matchCriteriaId : 4FC34516-D7E7-4AD9-9B45-5474831548E0 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:* (string)

matchCriteriaId : 5211792E-5292-41C0-B7E9-8AA63EC606EE (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:* (string)

matchCriteriaId : 075E907F-AF2F-4C31-86C7-51972BE412A1 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:* (string)

matchCriteriaId : 69AF19DC-3D65-49A8-A85F-511085CDF27B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:* (string)

matchCriteriaId : 40D8A6DB-9225-4A3F-AD76-192F6CCCF002 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:* (string)

matchCriteriaId : 051DE6C4-7456-4C42-BC51-253208AADB4E (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:* (string)

matchCriteriaId : EE320413-D2C9-4B28-89BF-361B44A3F0FF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'. (string)

}

1 : { »

lang : es (string)

value : Se presenta una vulnerabilidad de tipo Cross-site Scripting (XSS) cuando Microsoft Exchange Server no sanea apropiadamente una petición web especialmente diseñada para un servidor de Exchange afectado, también se conoce como 'Microsoft Exchange Server Spoofing Vulnerability'. (string)

}

]

id : CVE-2019-1137 (string)

lastModified : 2024-11-21T04:36:05.423 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-15T19:15:21.327 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object