How severe is CVE-2020-16969?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Microsoft Exchange Server 2013 Cumulative Update 23

Q: What is CVE-2020-16969?

CVE-2020-16969 is a high-severity vulnerability in Microsoft Exchange Server 2013 Cumulative Update 23. CVSS score: 7.1/10. Published 2020-10-16.

CVE-2020-16969

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</…

EPSS: 0.009 (75.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C.

Affected products

Microsoft Exchange Server 2013 Cumulative Update 23 — versions 15.00.0
Microsoft Exchange Server 2016 Cumulative Update 17 — versions 15.01.0
Microsoft Exchange Server 2016 Cumulative Update 18 — versions 15.01.0
Microsoft Exchange Server 2019 Cumulative Update 6 — versions 15.02.0
Microsoft Exchange Server 2019 Cumulative Update 7 — versions 15.02.0

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16969 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-16969?: CVE-2020-16969 is a high-severity vulnerability in Microsoft Exchange Server 2013 Cumulative Update 23. CVSS score: 7.1/10. Published 2020-10-16.
How severe is CVE-2020-16969?: High severity. CVSS v3 base score is 7.1 out of 10.