vulnerability

Microsoft Exchange: CVE-2020-16969: Microsoft Exchange Information Disclosure Vulnerability

Try Surface Command
Back to search
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Oct 16, 2020
Added
Aug 10, 2023
Modified
Aug 12, 2025

Description

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p>
<p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p>
<p>The security update corrects the way that Exchange handles these token validations.</p>

Solutions

microsoft-exchange-exchange_server_2016_CU17-kb4581424microsoft-exchange-exchange_server_2016_CU18-kb4581424microsoft-exchange-exchange_server_2019_CU6-kb4581424microsoft-exchange-exchange_server_2019_CU7-kb4581424

References

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today