ADV190004 — February 2019 Oracle Outside In Library Security Update
Executive Summary
Microsoft Exchange Server contains some elements of the Oracle Outside In libraries. The February 12, 2019 releases of Microsoft Exchange Server contain fixes to vulnerabilities which are described in: Oracle Critical Patch Update Advisory - October 2018 The following software releases include updates to address the identified vulnerabilities. Product versions or releases that are not listed are past their support life cycle or must be updated to the appropriate February 12, 2019 release of Microsoft Exchange Server to receive the fixes for these vulnerabilities.
Overview
EPSS Score
No EPSS score available for this CVE.
View on FIRST.orgAffected Products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 26 | 4487052 (Security Update) |
Unknown | Unknown | Maybe |
| Microsoft Exchange Server 2013 Cumulative Update 22 | 4345836 (Security Update) |
Unknown | Unknown | Maybe |
| Microsoft Exchange Server 2016 Cumulative Update 12 | 4471392 (Security Update) |
Unknown | Unknown | Maybe |
| Microsoft Exchange Server 2019 Cumulative Update 1 | 4471391 (Security Update) |
Unknown | Unknown | Maybe |
Patches
| Article | Type | Restart |
|---|---|---|
4487052 |
Security Update | Maybe |
4345836 |
Security Update | Maybe |
4471392 |
Security Update | Maybe |
4471391 |
Security Update | Maybe |
Known Exploits
Acknowledgments
Microsoft has not published researcher acknowledgments for this CVE, or they are not yet reflected in our data source. Check the MSRC advisory directly for the most current credit information.