CVE-2019-1084
CVE-2019-1084
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 5.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Jul 2019Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
Affected products
Microsoft · Mail and CalendarMicrosoft · Microsoft Exchange ServerMicrosoft · Microsoft Exchange Server 2013Microsoft · Microsoft Exchange Server 2016Microsoft · Microsoft Exchange Server 2019Microsoft · Microsoft LyncMicrosoft · Microsoft Lync BasicMicrosoft · Microsoft OfficeMicrosoft · Microsoft OutlookMicrosoft · Microsoft Outlook for AndroidMicrosoft · Office 365 ProPlusMicrosoft · Outlook for iOSMicrosoft · Skype for BusinessMicrosoft · Skype for Business Basic