The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Exchange

computer vulnerability alert 29506

Microsoft Exchange Server: security improvement

Synthesis of the vulnerability

The security of Microsoft Exchange Server was improved.
Impacted products: Exchange.
Severity: 1/4.
Consequences: no consequence.
Provenance: internet client.
Creation date: 12/06/2019.
Identifiers: CERTFR-2019-AVI-265, VIGILANCE-VUL-29506.

Description of the vulnerability

This bulletin is about a security improvement.

It does not describe a vulnerability.

The security of Microsoft Exchange Server was therefore improved.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2019-0817 CVE-2019-0858

Microsoft Exchange Server: Spoofing

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange Server.
Impacted products: Exchange.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/04/2019.
Identifiers: CERTFR-2019-AVI-160, CVE-2019-0817, CVE-2019-0858, VIGILANCE-VUL-28990.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange Server.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2019-0686 CVE-2019-0724

Microsoft Exchange: vulnerabilities of February 2019

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/02/2019.
Identifiers: CERTFR-2019-AVI-065, CVE-2019-0686, CVE-2019-0724, VIGILANCE-VUL-28486.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 28384

Microsoft Exchange: privilege escalation via NTLM Relay Attack

Synthesis of the vulnerability

An attacker can bypass restrictions via NTLM Relay Attack of Microsoft Exchange, in order to escalate his privileges.
Impacted products: Exchange.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Creation date: 29/01/2019.
Identifiers: ADV190007, VIGILANCE-VUL-28384, VU#465632.

Description of the vulnerability

An attacker can bypass restrictions via NTLM Relay Attack of Microsoft Exchange, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-8604

Microsoft Exchange: privilege escalation via Profile Data Tampering

Synthesis of the vulnerability

An attacker can bypass restrictions via Profile Data Tampering of Microsoft Exchange, in order to escalate his privileges.
Impacted products: Exchange.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: user account.
Creation date: 12/12/2018.
Identifiers: CERTFR-2018-AVI-598, CVE-2018-8604, VIGILANCE-VUL-28009.

Description of the vulnerability

An attacker can bypass restrictions via Profile Data Tampering of Microsoft Exchange, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-8581

Microsoft Exchange Server: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Microsoft Exchange Server, in order to escalate his privileges.
Impacted products: Exchange.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 14/11/2018.
Identifiers: CERTFR-2018-AVI-554, CVE-2018-8581, VIGILANCE-VUL-27771, ZDI-18-1355.

Description of the vulnerability

An attacker can bypass restrictions of Microsoft Exchange Server, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-8265 CVE-2018-8448

Microsoft Exchange Server: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange Server.
Impacted products: Exchange.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/10/2018.
Identifiers: CERTFR-2018-AVI-486, CVE-2018-8265, CVE-2018-8448, VIGILANCE-VUL-27450.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft Exchange Server.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-2768 CVE-2018-2801 CVE-2018-2806

Oracle Outside In Technology: vulnerabilities of April 2018

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle products.
Impacted products: Exchange, Oracle OIT.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/06/2018.
Identifiers: ADV180010, cpuapr2018, CVE-2018-2768, CVE-2018-2801, CVE-2018-2806, VIGILANCE-VUL-26457.

Description of the vulnerability

Several vulnerabilities were announced in Oracle products.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-0924 CVE-2018-0940 CVE-2018-0941

Microsoft Exchange Server: vulnerabilities of March 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 14/03/2018.
Identifiers: CERTFR-2018-AVI-133, CVE-2018-0924, CVE-2018-0940, CVE-2018-0941, VIGILANCE-VUL-25542.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-11932

Microsoft Exchange Server: vulnerabilities of December 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Exchange.
Severity: 2/4.
Consequences: data reading, data creation/edition, disguisement.
Provenance: document.
Creation date: 13/12/2017.
Identifiers: CERTFR-2017-AVI-468, CVE-2017-11932, VIGILANCE-VUL-24755.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Exchange: