CVE-2020-16949 - Vulnerability Details

Vendors	Products
Microsoft	365 Apps Office Outlook Windows 10 Windows 7 Windows 8.1 Windows Rt 8.1 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019

Link	Providers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949

Show plain JSON

{"containers": {"cna": {"title": "Microsoft Outlook Denial of Service Vulnerability", "datePublic": "2020-10-13T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft Office 2019", "cpes": ["cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "19.0.0", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft 365 Apps for Enterprise", "cpes": ["cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.1", "lessThan": "https://aka.ms/OfficeSecurityReleases", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook 2016", "cpes": ["cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x86:*:*", "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x64:*:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "16.0.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook 2013 Service Pack 1", "cpes": ["cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:x86:*:*", "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:outlook:2013:*:*:*:rt:*:*:*"], "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "15.0.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Outlook 2010 Service Pack 2", "cpes": ["cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "13.0.0.0", "lessThan": "publication", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p>\n<p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>\n", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-31T19:20:20.576Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:45:34.666Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-16949", "datePublished": "2020-10-16T22:18:02", "dateReserved": "2020-08-04T00:00:00", "dateUpdated": "2024-08-04T13:45:34.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

title : Microsoft Outlook Denial of Service Vulnerability (string)

datePublic : 2020-10-13T07:00:00+00:00 (string)

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Microsoft Office 2019 (string)

cpes : [ »

0 : cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* (string)

]

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 19.0.0 (string)

lessThan : https://aka.ms/OfficeSecurityReleases (string)

versionType : custom (string)

status : affected (string)

}

]

}

1 : { »

vendor : Microsoft (string)

product : Microsoft 365 Apps for Enterprise (string)

cpes : [ »

0 : cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* (string)

]

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.1 (string)

lessThan : https://aka.ms/OfficeSecurityReleases (string)

versionType : custom (string)

status : affected (string)

}

]

}

2 : { »

vendor : Microsoft (string)

product : Microsoft Outlook 2016 (string)

cpes : [ »

0 : cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x86:*:* (string)

1 : cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:x64:*:* (string)

]

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 16.0.0.0 (string)

lessThan : publication (string)

versionType : custom (string)

status : affected (string)

}

]

}

3 : { »

vendor : Microsoft (string)

product : Microsoft Outlook 2013 Service Pack 1 (string)

cpes : [ »

0 : cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:x86:*:* (string)

1 : cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:x64:* (string)

2 : cpe:2.3:a:microsoft:outlook:2013:*:*:*:rt:*:*:* (string)

]

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

2 : ARM64-based Systems (string)

]

versions : [ »

0 : { »

version : 15.0.0.0 (string)

lessThan : publication (string)

versionType : custom (string)

status : affected (string)

}

]

}

4 : { »

vendor : Microsoft (string)

product : Microsoft Outlook 2010 Service Pack 2 (string)

cpes : [ »

0 : cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:* (string)

]

platforms : [ »

0 : 32-bit Systems (string)

1 : x64-based Systems (string)

]

versions : [ »

0 : { »

version : 13.0.0.0 (string)

lessThan : publication (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Denial of Service (string)

lang : en-US (string)

type : Impact (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2023-12-31T19:20:20.576Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : MEDIUM (string)

baseScore : 4.7 (number)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T13:45:34.666Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2020-16949 (string)

datePublished : 2020-10-16T22:18:02 (string)

dateReserved : 2020-08-04T00:00:00 (string)

dateUpdated : 2024-08-04T13:45:34.666Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*", "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*", "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*", "matchCriteriaId": "40C15EDD-98D4-4D06-BA06-21AE0F33C72D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:*", "matchCriteriaId": "C5282C83-86B8-442D-851D-B54E88E8B1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:*", "matchCriteriaId": "F9A115C1-45EB-4688-AD7C-C1854850EE9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:*", "matchCriteriaId": "D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:*", "matchCriteriaId": "DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*", "matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "<p>A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.</p>\n<p>Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory.</p>\n"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de denegaci\u00f3n de servicio en el software Microsoft Outlook cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, tambi\u00e9n se conoce como \"Microsoft Outlook Denial of Service Vulnerability\""}], "id": "CVE-2020-16949", "lastModified": "2024-11-21T05:07:29.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-10-16T23:15:16.180", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 21540673-614A-4D40-8BD7-3F07723803B0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* (string)

matchCriteriaId : E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:* (string)

matchCriteriaId : 83B14968-3985-43C3-ACE5-8307196EFAE3 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:* (string)

matchCriteriaId : 7CB85C75-4D35-480E-843D-60579EC75FCB (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:* (string)

matchCriteriaId : 6B8F3DD2-A145-4AF1-8545-CC42892DA3D1 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:* (string)

matchCriteriaId : 3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:* (string)

matchCriteriaId : E9273B95-20ED-4547-B0A8-95AD15B30372 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:* (string)

matchCriteriaId : AAE74AF3-C559-4645-A6C0-25C3D647AAC8 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:* (string)

matchCriteriaId : C2B1C231-DE19-4B8F-A4AA-5B3A65276E46 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E93068DB-549B-45AB-8E5C-00EB5D8B5CF8 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C6CE5198-C498-4672-AF4C-77AB4BE06C5C (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* (string)

matchCriteriaId : 5F422A8C-2C4E-42C8-B420-E0728037E15C (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* (string)

matchCriteriaId : AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A7DF96F8-BA6A-4780-9CA3-F719B3F81074 (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* (string)

matchCriteriaId : DB18C4CE-5917-401E-ACF7-2747084FD36E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:* (string)

matchCriteriaId : 5B921FDB-8E7D-427E-82BE-4432585080CF (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:* (string)

matchCriteriaId : C253A63F-03AB-41CB-A03A-B2674DEA98AA (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B60D940-80C7-49F0-8F4E-3F99AC15FA82 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DB79EE26-FC32-417D-A49C-A1A63165A968 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 40C15EDD-98D4-4D06-BA06-21AE0F33C72D (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:*:* (string)

matchCriteriaId : C5282C83-86B8-442D-851D-B54E88E8B1F1 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microsoft:outlook:2010:sp2:*:*:*:*:*:* (string)

matchCriteriaId : F9A115C1-45EB-4688-AD7C-C1854850EE9B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:*:*:*:* (string)

matchCriteriaId : D7B6DF1E-0DDA-4809-B216-7CEFE0A53E2B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microsoft:outlook:2013:sp1:*:*:rt:*:*:* (string)

matchCriteriaId : DDA98A76-D0D1-4BFA-BEAC-1C2313F7B859 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:* (string)

matchCriteriaId : E2B1657C-0FF4-461A-BE2A-641275C4B0A0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A denial of service vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system. Exploitation of the vulnerability requires that a specially crafted email be sent to a vulnerable Outlook server. The security update addresses the vulnerability by correcting how Microsoft Outlook handles objects in memory. (string)

}

1 : { »

lang : es (string)

value : Se presenta una vulnerabilidad de denegación de servicio en el software Microsoft Outlook cuando el software presenta un fallo al manejar apropiadamente objetos en memoria, también se conoce como "Microsoft Outlook Denial of Service Vulnerability" (string)

}

]

id : CVE-2020-16949 (string)

lastModified : 2024-11-21T05:07:29.533 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1 (number)

impactScore : 3.6 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Secondary (string)

}

]

}

published : 2020-10-16T23:15:16.180 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16949 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-401 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object