Refine your search
9 vulnerabilities found for Microsoft Outlook for Android by Microsoft
CVE-2026-26133 (GCVE-0-2026-26133)
Vulnerability from cvelistv5
Published
2026-03-13 21:10
Modified
2026-04-14 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26133",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-16T14:24:19.473896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-16T14:24:30.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft 365 Copilot for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19815.10000",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft 365 Copilot for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.107.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Edge for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "145.3800.99",
"status": "affected",
"version": "1.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Excel for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Loop for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft OneNote for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19725.20142",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Outlook for Mac",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.2605",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.2.260210.21290750",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerBI for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2.260302.2193910",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft PowerPoint for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.0.0.2026043102",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Teams for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "8.3.1",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.19822.20038",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"product": "Microsoft Word for iOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "2.106.26020617",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.107.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "8.3.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
"versionEndExcluding": "1.0.0.2026043102",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "5.2605",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19815.10000",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.2.260210.21290750",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2.260302.2193910",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0.19725.20142",
"versionStartIncluding": "16.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "145.3800.99",
"versionStartIncluding": "1.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
"versionEndExcluding": "16.0.19822.20038",
"versionStartIncluding": "16.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
"versionEndExcluding": "2.106.26020617",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2026-03-12T14:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T16:36:44.731Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "M365 Copilot Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
}
],
"title": "M365 Copilot Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2026-26133",
"datePublished": "2026-03-13T21:10:13.535Z",
"dateReserved": "2026-02-11T16:24:51.133Z",
"dateUpdated": "2026-04-14T16:36:44.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-29805 (GCVE-0-2025-29805)
Vulnerability from cvelistv5
Published
2025-04-08 17:24
Modified
2026-02-13 19:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < 4.2509.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T18:36:20.419378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T18:36:41.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.2509.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "4.2509.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-04-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:33:32.872Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29805"
}
],
"title": "Outlook for Android Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-29805",
"datePublished": "2025-04-08T17:24:17.031Z",
"dateReserved": "2025-03-11T18:19:40.248Z",
"dateUpdated": "2026-02-13T19:33:32.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-21259 (GCVE-0-2025-21259)
Vulnerability from cvelistv5
Published
2025-02-11 17:58
Modified
2026-02-13 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Summary
Microsoft Outlook Spoofing Vulnerability
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < 4.2501.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-21259",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-11T19:18:00.907619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T19:28:25.534Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.2501.1",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "4.2501.1",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-02-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Outlook Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T19:44:22.708Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Outlook Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21259"
}
],
"title": "Microsoft Outlook Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-21259",
"datePublished": "2025-02-11T17:58:20.856Z",
"dateReserved": "2024-12-10T23:54:12.934Z",
"dateUpdated": "2026-02-13T19:44:22.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43604 (GCVE-0-2024-43604)
Vulnerability from cvelistv5
Published
2024-10-08 17:35
Modified
2025-07-08 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1220 - Insufficient Granularity of Access Control
Summary
Outlook for Android Elevation of Privilege Vulnerability
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < 4.2435.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43604",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T18:50:23.357465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-09T19:50:41.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.2435.2",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"versionEndExcluding": "4.2435.2",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-10-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Outlook for Android Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "CWE-1220: Insufficient Granularity of Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:38:43.857Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43604"
}
],
"title": "Outlook for Android Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43604",
"datePublished": "2024-10-08T17:35:33.667Z",
"dateReserved": "2024-08-14T01:08:33.551Z",
"dateUpdated": "2025-07-08T15:38:43.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26204 (GCVE-0-2024-26204)
Vulnerability from cvelistv5
Published
2024-03-12 16:58
Modified
2025-05-03 00:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Outlook for Android Information Disclosure Vulnerability
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < 4.2404.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:32:49.487060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:09:58.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:32.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Outlook for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "4.2404.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"versionEndExcluding": "4.2404.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-03-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Outlook for Android Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:47:11.390Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204"
}
],
"title": "Outlook for Android Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-26204",
"datePublished": "2024-03-12T16:58:14.361Z",
"dateReserved": "2024-02-14T22:23:54.103Z",
"dateUpdated": "2025-05-03T00:47:11.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24480 (GCVE-0-2022-24480)
Vulnerability from cvelistv5
Published
2022-12-13 00:00
Modified
2025-07-22 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Outlook for Android Elevation of Privilege Vulnerability
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < Publication |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Outlook for Android Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24480"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-02T19:37:57.971252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T20:06:42.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
"versionEndExcluding": "Publication",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Outlook for Android Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:47.734Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24480"
}
],
"title": "Outlook for Android Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24480",
"datePublished": "2022-12-13T00:00:00.000Z",
"dateReserved": "2022-02-05T00:00:00.000Z",
"dateUpdated": "2025-07-22T17:49:47.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1460 (GCVE-0-2019-1460)
Vulnerability from cvelistv5
Published
2020-01-24 20:50
Modified
2024-08-04 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: unspecified |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-24T20:50:28.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Outlook for Android",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka \u0027Outlook for Android Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1460",
"datePublished": "2020-01-24T20:50:28.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T18:20:28.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1105 (GCVE-0-2019-1105)
Vulnerability from cvelistv5
Published
2019-07-29 14:07
Modified
2025-05-20 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.
The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.
The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Outlook for Android |
Version: 1.0 < Publication |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Publication",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:android:*:*",
"versionEndExcluding": "Publication",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-06-20T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim.\nThe attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user.\nThe security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:49:51.518Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Outlook for Android Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1105"
}
],
"title": "Outlook for Android Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1105",
"datePublished": "2019-07-29T14:07:59.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2025-05-20T17:49:51.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1084 (GCVE-0-2019-1084)
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka 'Microsoft Exchange Information Disclosure Vulnerability'.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Exchange Server |
Version: 2010 Service Pack 3 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Exchange Server",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 3"
}
]
},
{
"product": "Microsoft Outlook",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2010 Service Pack 2 (32-bit editions)"
},
{
"status": "affected",
"version": "2010 Service Pack 2 (64-bit editions)"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
}
]
},
{
"product": "Microsoft Office",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit editions)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit editions)"
},
{
"status": "affected",
"version": "2013 RT Service Pack 1"
},
{
"status": "affected",
"version": "2016 for Mac"
},
{
"status": "affected",
"version": "2016 (32-bit edition)"
},
{
"status": "affected",
"version": "2016 (64-bit edition)"
},
{
"status": "affected",
"version": "2019 for 32-bit editions"
},
{
"status": "affected",
"version": "2019 for 64-bit editions"
},
{
"status": "affected",
"version": "2019 for Mac"
}
]
},
{
"product": "Microsoft Lync",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit)"
}
]
},
{
"product": "Microsoft Lync Basic",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2013 Service Pack 1 (32-bit)"
},
{
"status": "affected",
"version": "2013 Service Pack 1 (64-bit)"
}
]
},
{
"product": "Microsoft Outlook for Android",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Skype for Business",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit)"
},
{
"status": "affected",
"version": "2016 (64-bit)"
}
]
},
{
"product": "Skype for Business Basic",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2016 (32-bit)"
},
{
"status": "affected",
"version": "2016 (64-bit)"
}
]
},
{
"product": "Office 365 ProPlus",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "32-bit Systems"
},
{
"status": "affected",
"version": "64-bit Systems"
}
]
},
{
"product": "Microsoft Exchange Server 2016",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 12"
},
{
"status": "affected",
"version": "Cumulative Update 13"
}
]
},
{
"product": "Microsoft Exchange Server 2019",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 1"
},
{
"status": "affected",
"version": "Cumulative Update 2"
}
]
},
{
"product": "Microsoft Exchange Server 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "Cumulative Update 23"
}
]
},
{
"product": "Mail and Calendar",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
},
{
"product": "Outlook for iOS",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-15T18:56:21.000Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-1084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Outlook",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
}
]
}
},
{
"product_name": "Microsoft Lync",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1 (32-bit)"
},
{
"version_value": "2013 Service Pack 1 (64-bit)"
}
]
}
},
{
"product_name": "Microsoft Lync Basic",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1 (32-bit)"
},
{
"version_value": "2013 Service Pack 1 (64-bit)"
}
]
}
},
{
"product_name": "Microsoft Outlook for Android",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Skype for Business",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit)"
},
{
"version_value": "2016 (64-bit)"
}
]
}
},
{
"product_name": "Skype for Business Basic",
"version": {
"version_data": [
{
"version_value": "2016 (32-bit)"
},
{
"version_value": "2016 (64-bit)"
}
]
}
},
{
"product_name": "Office 365 ProPlus",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "64-bit Systems"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 12"
},
{
"version_value": "Cumulative Update 13"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 1"
},
{
"version_value": "Cumulative Update 2"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013",
"version": {
"version_data": [
{
"version_value": "Cumulative Update 23"
}
]
}
},
{
"product_name": "Mail and Calendar",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
},
{
"product_name": "Outlook for iOS",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain invisible. This security update addresses the issue by validating display names upon creation in Microsoft Exchange, and by rendering invalid display names correctly in Microsoft Outlook clients., aka \u0027Microsoft Exchange Information Disclosure Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1084",
"datePublished": "2019-07-15T18:56:21.000Z",
"dateReserved": "2018-11-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T18:06:31.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}