CVE Tools
Sign in

CVE-2020-16969

Microsoft Exchange Information Disclosure Vulnerability

Published: Oct 16, 2020Updated: Feb 23, 2026 Sources: CVE List NVD BDUNVD-CWE-Other
7.1HIGH
NVD MITRE
EPSS Score
2.5%
Top 17.1%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p> <p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p> <p>The security update corrects the way that Exchange handles these token validations.</p>

No summary for this CVE yet.

CVSS Vector Breakdown

AV:NAC:LPR:NUI:RS:CC:LI:LA:L
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:RUser Interaction
Required
Scope
S:CScope
Changed
Impact
C:LConfidentiality
Low
I:LIntegrity
Low
A:LAvailability
Low
Open in CVSS calculator →

Weaknesses

NVD-CWE-Other

Affected Products

Microsoft Exchange Server 2019 Cumulative Update 6Microsoft
On-premWeb App
Enterprise Software / itsm-monitoring
Microsoft Exchange Server 2016 Cumulative Update 17Microsoft
On-prem
Operating Systems / windows
Microsoft Exchange Server 2019 Cumulative Update 7Microsoft
On-premOS
Operating Systems / windows
Microsoft Exchange Server 2016 Cumulative Update 18Microsoft
On-premOS
Operating Systems / windows
Microsoft Exchange Server 2013 Cumulative Update 23Microsoft
On-prem
Enterprise Software / itsm-monitoring
microsoftcommercialUSOperating Systems
and 2 more affected products View all →

Exploitability

Official Patch Available
No detection template yetWe can run the check for you — a free external exposure review, no install. Check my exposure

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16969
portal.msrc.microsoft.com
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-16969&#13;
msrc.microsoft.com
https://www.cybersecurity-help.cz/vdb/SB2020101346
cybersecurity-help.cz

Timeline

Published
Oct 16, 2020
Last Updated
Feb 23, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2020-16969 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows