What is the severity of CVE-2019-1137?

CVE-2019-1137 is classified as a critical cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Server.

How do I fix CVE-2019-1137?

To remediate CVE-2019-1137, apply the latest security updates provided by Microsoft for your version of Exchange Server.

Which versions of Microsoft Exchange Server are affected by CVE-2019-1137?

CVE-2019-1137 affects Microsoft Exchange Server 2013, 2016, and 2019.

What type of vulnerability is CVE-2019-1137?

CVE-2019-1137 is a cross-site scripting (XSS) vulnerability that arises from improper sanitization of web requests.

Can CVE-2019-1137 lead to data compromise?

Yes, exploitation of CVE-2019-1137 may allow attackers to execute scripts in the context of a user's session, potentially leading to data compromise.

Vulnerability/
CVE-2019-1137

medium

5.4

CWE

15/7/2019

29/7/2019

4/8/2024

CVE-2019-1137: XSS

First published: Mon Jul 15 2019(Updated: )

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2013
Microsoft Exchange Server	=2013-cumulative_update_1
Microsoft Exchange Server	=2013-cumulative_update_10
Microsoft Exchange Server	=2013-cumulative_update_11
Microsoft Exchange Server	=2013-cumulative_update_12
Microsoft Exchange Server	=2013-cumulative_update_13
Microsoft Exchange Server	=2013-cumulative_update_14
Microsoft Exchange Server	=2013-cumulative_update_15
Microsoft Exchange Server	=2013-cumulative_update_16
Microsoft Exchange Server	=2013-cumulative_update_17
Microsoft Exchange Server	=2013-cumulative_update_18
Microsoft Exchange Server	=2013-cumulative_update_19
Microsoft Exchange Server	=2013-cumulative_update_2
Microsoft Exchange Server	=2013-cumulative_update_20
Microsoft Exchange Server	=2013-cumulative_update_21
Microsoft Exchange Server	=2013-cumulative_update_22
Microsoft Exchange Server	=2013-cumulative_update_23
Microsoft Exchange Server	=2013-cumulative_update_3
Microsoft Exchange Server	=2013-cumulative_update_5
Microsoft Exchange Server	=2013-cumulative_update_6
Microsoft Exchange Server	=2013-cumulative_update_7
Microsoft Exchange Server	=2013-cumulative_update_8
Microsoft Exchange Server	=2013-cumulative_update_9
Microsoft Exchange Server	=2013-sp1
Microsoft Exchange Server	=2016
Microsoft Exchange Server	=2016-cumulative_update_1
Microsoft Exchange Server	=2016-cumulative_update_10
Microsoft Exchange Server	=2016-cumulative_update_11
Microsoft Exchange Server	=2016-cumulative_update_12
Microsoft Exchange Server	=2016-cumulative_update_13
Microsoft Exchange Server	=2016-cumulative_update_2
Microsoft Exchange Server	=2016-cumulative_update_3
Microsoft Exchange Server	=2016-cumulative_update_4
Microsoft Exchange Server	=2016-cumulative_update_5
Microsoft Exchange Server	=2016-cumulative_update_6
Microsoft Exchange Server	=2016-cumulative_update_7
Microsoft Exchange Server	=2016-cumulative_update_8
Microsoft Exchange Server	=2016-cumulative_update_9
Microsoft Exchange Server	=2019
Microsoft Exchange Server	=2019-cumulative_update_1
Microsoft Exchange Server	=2019-cumulative_update_2

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137

Never miss a vulnerability like this again

Reference Links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137

Frequently Asked Questions

What is the severity of CVE-2019-1137?
CVE-2019-1137 is classified as a critical cross-site scripting (XSS) vulnerability affecting Microsoft Exchange Server.
How do I fix CVE-2019-1137?
To remediate CVE-2019-1137, apply the latest security updates provided by Microsoft for your version of Exchange Server.
Which versions of Microsoft Exchange Server are affected by CVE-2019-1137?
CVE-2019-1137 affects Microsoft Exchange Server 2013, 2016, and 2019.
What type of vulnerability is CVE-2019-1137?
CVE-2019-1137 is a cross-site scripting (XSS) vulnerability that arises from improper sanitization of web requests.
Can CVE-2019-1137 lead to data compromise?
Yes, exploitation of CVE-2019-1137 may allow attackers to execute scripts in the context of a user's session, potentially leading to data compromise.

agent/type
agent/softwarecombine
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/severity
agent/author
agent/references
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/source
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2013
version/microsoft exchange server/2013-cumulative_update_1
version/microsoft exchange server/2013-cumulative_update_10
version/microsoft exchange server/2013-cumulative_update_11
version/microsoft exchange server/2013-cumulative_update_12
version/microsoft exchange server/2013-cumulative_update_13
version/microsoft exchange server/2013-cumulative_update_14
version/microsoft exchange server/2013-cumulative_update_15
version/microsoft exchange server/2013-cumulative_update_16
version/microsoft exchange server/2013-cumulative_update_17
version/microsoft exchange server/2013-cumulative_update_18
version/microsoft exchange server/2013-cumulative_update_19
version/microsoft exchange server/2013-cumulative_update_2
version/microsoft exchange server/2013-cumulative_update_20
version/microsoft exchange server/2013-cumulative_update_21
version/microsoft exchange server/2013-cumulative_update_22
version/microsoft exchange server/2013-cumulative_update_23
version/microsoft exchange server/2013-cumulative_update_3
version/microsoft exchange server/2013-cumulative_update_5
version/microsoft exchange server/2013-cumulative_update_6
version/microsoft exchange server/2013-cumulative_update_7
version/microsoft exchange server/2013-cumulative_update_8
version/microsoft exchange server/2013-cumulative_update_9
version/microsoft exchange server/2013-sp1
version/microsoft exchange server/2016
version/microsoft exchange server/2016-cumulative_update_1
version/microsoft exchange server/2016-cumulative_update_10
version/microsoft exchange server/2016-cumulative_update_11
version/microsoft exchange server/2016-cumulative_update_12
version/microsoft exchange server/2016-cumulative_update_13
version/microsoft exchange server/2016-cumulative_update_2
version/microsoft exchange server/2016-cumulative_update_3
version/microsoft exchange server/2016-cumulative_update_4
version/microsoft exchange server/2016-cumulative_update_5
version/microsoft exchange server/2016-cumulative_update_6
version/microsoft exchange server/2016-cumulative_update_7
version/microsoft exchange server/2016-cumulative_update_8
version/microsoft exchange server/2016-cumulative_update_9
version/microsoft exchange server/2019
version/microsoft exchange server/2019-cumulative_update_1
version/microsoft exchange server/2019-cumulative_update_2

CVE-2019-1137: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-1137?

How do I fix CVE-2019-1137?

Which versions of Microsoft Exchange Server are affected by CVE-2019-1137?

What type of vulnerability is CVE-2019-1137?

Can CVE-2019-1137 lead to data compromise?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2019-1137?

How do I fix CVE-2019-1137?

Which versions of Microsoft Exchange Server are affected by CVE-2019-1137?

What type of vulnerability is CVE-2019-1137?

Can CVE-2019-1137 lead to data compromise?