Vulnerabilities > CVE-2020-16969 - Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW Summary
<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p> <p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p> <p>The security update corrects the way that Exchange handles these token validations.</p>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |