CVE-2022-34692: Microsoft Exchange Server Information Disclosure Vulnerability

Overview

Severity: Medium (CVSS 5.3)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
Category: Information Disclosure
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2022-Aug
Released: 2022-08-09
EPSS Score: 1.47% (percentile: 81.0%)

FAQ

What type of information could be disclosed by this vulnerability? An attacker who successfully exploited the vulnerability could read targeted email messages.

Affected Products (4)

Server Software

Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft Exchange Server 2016 Cumulative Update 22

Security Updates (4)

5015322
5015322
5015322
5015322

Acknowledgments

<a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a>

Revision History

2022-08-09: Information published.