Vulnerabilites related to Microsoft - Microsoft Exchange Server 2013 Cumulative Update 23
cve-2020-17117
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < publication cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.904Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:44.566Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17117", }, ], title: "Microsoft Exchange Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17117", datePublished: "2020-12-09T23:36:43", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.904Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26855
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2025-02-04 19:17
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Version: 15.01.0 < publication cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:40.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-26855", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-02T18:10:15.970217Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26855", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:17:24.302Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 4", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 15", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 16", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:56.682Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26855", datePublished: "2021-03-02T23:55:26.000Z", dateReserved: "2021-02-08T00:00:00.000Z", dateUpdated: "2025-02-04T19:17:24.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28481
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28481 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.010 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:31.811Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28481", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:50.359Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28481", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28481", datePublished: "2021-04-13T19:33:47", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:47:31.811Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17084
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17084 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17084", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:05.950Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17084", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17084", datePublished: "2020-11-11T06:48:32", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:52:05.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41040
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040", }, { name: "VU#915563", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/915563", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41040", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T21:11:09.910371Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41040", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:34:51.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-30T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:48.981Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41040", datePublished: "2022-10-03T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-03-11T16:10:48.981Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41079
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.020 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.178Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:28.259Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41079", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:28.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21855
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:48.703Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21855", datePublished: "2022-01-11T20:22:28", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:48.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31209
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 19:57
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-615/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.012 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:52.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-615/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31209", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:48.678953Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:57:20.647Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.012", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.010", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.018", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:05.943Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-615/", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31209", datePublished: "2021-05-11T19:11:43.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T19:57:20.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17085
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-11-15 16:10
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17085 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:17.382Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17085", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-17085", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-15T16:10:02.571486Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-15T16:10:15.120Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:06.490Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17085", }, ], title: "Microsoft Exchange Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17085", datePublished: "2020-11-11T06:48:32", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-11-15T16:10:15.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26858
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2025-02-04 19:24
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:41.156Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-26858", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:16:00.589195Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26858", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:24:39.137Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 4", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 15", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 16", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:57.719Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26858", datePublished: "2021-03-02T23:55:27.000Z", dateReserved: "2021-02-08T00:00:00.000Z", dateUpdated: "2025-02-04T19:24:39.137Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17142
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < publication cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:17.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:50.199Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142", }, ], title: "Microsoft Exchange Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17142", datePublished: "2020-12-09T23:36:55", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:17.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28480
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28480 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.015 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:31.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28480", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:49.841Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28480", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28480", datePublished: "2021-04-13T19:33:46", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:47:31.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27065
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2025-02-04 19:15
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.231Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-27065", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:15:28.165773Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27065", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:15:43.497Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 4", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 15", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 16", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:28.788Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27065", datePublished: "2021-03-02T23:55:28.000Z", dateReserved: "2021-02-10T00:00:00.000Z", dateUpdated: "2025-02-04T19:15:43.497Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31207
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-04 18:17
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Security Feature Bypass Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.018 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.519Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-819/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31207", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T18:16:59.637651Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31207", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:17:16.447Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.018", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.012", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.010", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Security Feature Bypass Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Defense in Depth", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:04.957Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-819/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "Microsoft Exchange Server Security Feature Bypass Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31207", datePublished: "2021-05-11T19:11:41.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-04T18:17:16.447Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17132
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < publication cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.886Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:46.178Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17132", }, ], title: "Microsoft Exchange Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17132", datePublished: "2020-12-09T23:36:50", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.886Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17143
Vulnerability from cvelistv5
Published
2020-12-09 23:36
Modified
2024-08-04 13:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.934Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2020-12-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T17:59:50.717Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17143", datePublished: "2020-12-09T23:36:55", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:53:16.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21846
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.018 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:48.227Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21846", datePublished: "2022-01-11T20:22:22", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:48.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31206
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-826/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.015 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:52.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-826/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:19.357Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-826/", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31206", datePublished: "2021-07-14T17:53:13", dateReserved: "2021-04-14T00:00:00", dateUpdated: "2024-08-03T22:55:52.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41078
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:27.129Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41078", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:27.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24516
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.032 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:56.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:19.958Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24516", datePublished: "2022-08-09T19:47:56", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T19:34:19.958Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34470
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-23 15:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.023 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34470", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T15:07:17.026694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-23T15:08:35.587Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.007", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:37:16.298Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34470", datePublished: "2021-07-14T17:54:02", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-23T15:08:35.587Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21980
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:55.055Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:19.443Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21980", datePublished: "2022-08-09T19:47:24", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T19:34:19.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23277
Vulnerability from cvelistv5
Published
2022-03-09 17:06
Modified
2025-01-02 18:35
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.033 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.033", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.027", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.024", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.022", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.033", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.027", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.024", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.022", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-03-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:35:24.947Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-23277", datePublished: "2022-03-09T17:06:55", dateReserved: "2022-01-15T00:00:00", dateUpdated: "2025-01-02T18:35:24.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21529
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.041", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.047", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.041", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.047", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.021", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:42.972Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21529", datePublished: "2023-02-14T19:33:00.590Z", dateReserved: "2022-12-01T14:00:11.197Z", dateUpdated: "2025-01-01T00:40:42.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31195
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 19:57
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Version: 15.01.0 < 15.01.2176.014 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.595Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31195", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T19:25:49.893038Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290 Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T19:57:35.971Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.012", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.010", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.018", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:02.969Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31195", datePublished: "2021-05-11T19:11:38.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T19:57:35.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34523
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2025-02-04 19:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.015 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.370Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-822/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34523", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:06:53.750452Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34523", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:14:36.208Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:44.141Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-822/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34523", datePublished: "2021-07-14T17:54:38.000Z", dateReserved: "2021-06-09T00:00:00.000Z", dateUpdated: "2025-02-04T19:14:36.208Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21979
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.030 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.424Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:18.873Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21979", datePublished: "2022-08-09T19:47:10", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T19:34:18.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17083
Vulnerability from cvelistv5
Published
2020-11-11 06:48
Modified
2024-09-10 15:52
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17083 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:53:16.390Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17083", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2020-11-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-10T15:52:05.435Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17083", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-17083", datePublished: "2020-11-11T06:48:31", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-09-10T15:52:05.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31198
Vulnerability from cvelistv5
Published
2021-05-11 19:11
Modified
2025-02-28 20:55
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-894/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.012 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-894/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-31198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:24:09.809147Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T20:55:39.432Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.012", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.010", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.018", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-05-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T23:57:03.472Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-894/", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31198", datePublished: "2021-05-11T19:11:39.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-02-28T20:55:39.432Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21978
Vulnerability from cvelistv5
Published
2022-05-10 20:33
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.028", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.026", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.36", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.009", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.028", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.026", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.36", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.009", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.009", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:25.947Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21978", datePublished: "2022-05-10T20:33:14", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:58:25.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26412
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-11-19 15:44
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < publication cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.385Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-26412", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-19T15:43:41.699559Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-19T15:44:00.903Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:55.645Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26412", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26412", datePublished: "2021-03-02T23:55:24", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-11-19T15:44:00.903Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21969
Vulnerability from cvelistv5
Published
2022-01-11 20:23
Modified
2025-01-02 18:23
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:23:09.499Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21969", datePublished: "2022-01-11T20:23:34", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:23:09.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26854
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Version: 15.01.0 < publication cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:41.063Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:56.162Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26854", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26854", datePublished: "2021-03-02T23:55:25", dateReserved: "2021-02-08T00:00:00", dateUpdated: "2024-08-03T20:33:41.063Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-30134
Vulnerability from cvelistv5
Published
2022-08-09 19:48
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.015 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.587Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:21.182Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30134", datePublished: "2022-08-09T19:48:24", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:34:21.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26857
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2025-02-04 19:16
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Version: 15.01.0 < publication cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:40.973Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-26857", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-04T17:23:38.395840Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26857", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:16:52.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 2", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 4", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 15", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 5", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 16", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*", ], platforms: [ "Unknown", ], product: "Microsoft Exchange Server 2010 Service Pack 3", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Service Pack 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 1", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:08:57.205Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26857", datePublished: "2021-03-02T23:55:26.000Z", dateReserved: "2021-02-08T00:00:00.000Z", dateUpdated: "2025-02-04T19:16:52.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21706
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.041", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.047", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.041", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.047", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:46.418Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21706", datePublished: "2023-02-14T19:32:44.189Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-01-01T00:40:46.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31196
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2025-01-28 16:52
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.015 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { dateAdded: "2024-08-21", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, { other: { content: { id: "CVE-2021-31196", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:51:30.730018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T16:52:34.659Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:18.850Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31196", datePublished: "2021-07-14T17:53:12.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-01-28T16:52:34.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41349
Vulnerability from cvelistv5
Published
2021-11-10 00:46
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.026", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.020", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.019", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.017", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:54.073Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41349", datePublished: "2021-11-10T00:46:32", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33766
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2025-02-04 19:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-798/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.010 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:23.169Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-798/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-33766", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T19:07:59.976278Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-18", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33766", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:14:36.498Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:52.916Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-798/", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-33766", datePublished: "2021-07-14T17:53:40.000Z", dateReserved: "2021-05-28T00:00:00.000Z", dateUpdated: "2025-02-04T19:14:36.498Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42305
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.026", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.020", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.019", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.017", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:48:03.858Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42305", datePublished: "2021-11-10T00:47:38", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.241Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21762
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21762", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:26.798051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:23.383Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.045", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.045", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:06.138Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21762", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:23.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28482
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28482 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.010 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:31.825Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28482", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:50.844Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28482", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28482", datePublished: "2021-04-13T19:33:47", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:47:31.825Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41082
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2025-03-07T16:08:48.794Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script", }, { url: "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script", }, { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082", }, { name: "VU#915563", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/915563", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { metrics: [ { other: { content: { id: "CVE-2022-41082", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T17:55:49.337641Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41082", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:04:19.309Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-30T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:49.607Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41082", datePublished: "2022-10-03T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-03-11T16:10:49.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28483
Vulnerability from cvelistv5
Published
2021-04-13 19:33
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28483 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.010 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:31.781Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28483", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-04-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T19:21:51.357Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28483", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-28483", datePublished: "2021-04-13T19:33:48", dateReserved: "2021-03-15T00:00:00", dateUpdated: "2024-08-03T21:47:31.781Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27078
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Version: 15.01.0 < publication cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:40:47.276Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-03-02T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T20:09:30.306Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27078", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-27078", datePublished: "2021-03-02T23:55:28", dateReserved: "2021-02-10T00:00:00", dateUpdated: "2024-08-03T20:40:47.276Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34473
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2025-02-04 15:42
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.015 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.367Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-821/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34473", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T15:42:23.926450Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-03", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34473", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T15:42:40.713Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.015", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.010", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 19", vendor: "Microsoft", versions: [ { lessThan: "15.01.2176.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 8", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:44.655Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34473", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-821/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34473", datePublished: "2021-07-14T17:54:03.000Z", dateReserved: "2021-06-09T00:00:00.000Z", dateUpdated: "2025-02-04T15:42:40.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24477
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:20.501Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24477", datePublished: "2022-08-09T19:47:40", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T19:34:20.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41080
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-02-04 14:11
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.016 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.787Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41080", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-22T05:00:58.328537Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-01-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41080", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T14:11:16.864Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:28.814Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41080", datePublished: "2022-11-09T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-02-04T14:11:16.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-16969
Vulnerability from cvelistv5
Published
2020-10-16 22:18
Modified
2024-08-04 13:45
Severity ?
EPSS score ?
Summary
<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p>
<p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p>
<p>The security update corrects the way that Exchange handles these token validations.</p>
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16969 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 6 |
Version: 15.02.0 < publication cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:45:34.738Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16969", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 6", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 17", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 7", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 18", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], datePublic: "2020-10-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p>\n<p>To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.</p>\n<p>The security update corrects the way that Exchange handles these token validations.</p>\n", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-31T19:19:59.620Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16969", }, ], title: "Microsoft Exchange Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2020-16969", datePublished: "2020-10-16T22:18:07", dateReserved: "2020-08-04T00:00:00", dateUpdated: "2024-08-04T13:45:34.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26427
Vulnerability from cvelistv5
Published
2021-10-13 00:26
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.012 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.012", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.024", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.015", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:19.160Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26427", datePublished: "2021-10-13T00:26:32", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21707
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.023 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:24.218455Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:18.304Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.023", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.026", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.042", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.048", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.023", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.026", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.042", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.048", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:46.968Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21707", datePublished: "2023-02-14T19:32:45.126Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-02-28T21:14:18.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }