Microsoft Exchange Information Disclosure Vulnerability - CVE-2020-16969ID: oval:org.secpod.oval:def:66023 | Date: (C)2020-10-14 (M)2024-03-26 |
Class: VULNERABILITY | Family: windows |
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.
Platform: |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
Microsoft Exchange Server 2013 |
Microsoft Exchange Server 2016 |
Microsoft Exchange Server 2019 |