Vulnerabilites related to Microsoft - Microsoft Exchange Server 2019 Cumulative Update 10
cve-2022-21846
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.018 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:48.227Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21846", datePublished: "2022-01-11T20:22:22", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:48.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24463
Vulnerability from cvelistv5
Published
2022-03-09 17:07
Modified
2025-01-02 18:35
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.027 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.597Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.027", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.024", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.022", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.027", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.024", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.022", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-03-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:35:12.350Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24463", datePublished: "2022-03-09T17:07:44", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T18:35:12.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31206
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2024-08-03 22:55
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-826/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.015 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:52.209Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-826/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:19.357Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-826/", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31206", datePublished: "2021-07-14T17:53:13", dateReserved: "2021-04-14T00:00:00", dateUpdated: "2024-08-03T22:55:52.209Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41350
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.015 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-41350", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-04T15:04:51.954198Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:59.422Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.177Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.015", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.012", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:17.494Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41350", datePublished: "2021-10-13T00:28:13", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.177Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21969
Vulnerability from cvelistv5
Published
2022-01-11 20:23
Modified
2025-01-02 18:23
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.611Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:23:09.499Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21969", datePublished: "2022-01-11T20:23:34", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:23:09.499Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41348
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.015 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.015", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.012", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:16.768Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41348", datePublished: "2021-10-13T00:28:11", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.250Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34470
Vulnerability from cvelistv5
Published
2021-07-14 17:54
Modified
2024-08-23 15:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.023 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.389Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-34470", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-23T15:07:17.026694Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-23T15:08:35.587Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.007", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.008", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:37:16.298Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34470", datePublished: "2021-07-14T17:54:02", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-23T15:08:35.587Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-21855
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T02:53:36.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.028", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.018", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.028", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.018", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.015", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-01-11T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:22:48.703Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21855", datePublished: "2022-01-11T20:22:28", dateReserved: "2021-12-14T00:00:00", dateUpdated: "2025-01-02T18:22:48.703Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-23277
Vulnerability from cvelistv5
Published
2022-03-09 17:06
Modified
2025-01-02 18:35
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.033 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:36:20.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.033", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.027", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.024", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.022", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.033", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*", versionEndExcluding: "15.01.2308.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*", versionEndExcluding: "15.02.0922.027", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.024", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.022", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-03-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:35:24.947Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-23277", datePublished: "2022-03-09T17:06:55", dateReserved: "2022-01-15T00:00:00", dateUpdated: "2025-01-02T18:35:24.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-34453
Vulnerability from cvelistv5
Published
2021-10-13 00:26
Modified
2024-08-04 00:12
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.009 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2021-34453", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T20:30:38.736301Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-18T20:30:48.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T00:12:50.102Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.015", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.012", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:09.137Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453", }, ], title: "Microsoft Exchange Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-34453", datePublished: "2021-10-13T00:26:37", dateReserved: "2021-06-09T00:00:00", dateUpdated: "2024-08-04T00:12:50.102Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33768
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.015 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:22.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:53.445Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-33768", datePublished: "2021-07-14T17:53:42", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:22.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26427
Vulnerability from cvelistv5
Published
2021-10-13 00:26
Modified
2024-08-03 20:26
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.012 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.215Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.012", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.024", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.015", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-10-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:52:19.160Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-26427", datePublished: "2021-10-13T00:26:32", dateReserved: "2021-01-29T00:00:00", dateUpdated: "2024-08-03T20:26:25.215Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31196
Vulnerability from cvelistv5
Published
2021-07-14 17:53
Modified
2025-01-28 16:52
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Version: 15.02.0 < 15.02.0858.015 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:55:53.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { dateAdded: "2024-08-21", reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", }, type: "kev", }, }, { other: { content: { id: "CVE-2021-31196", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-28T16:51:30.730018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-28T16:52:34.659Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 9", vendor: "Microsoft", versions: [ { lessThan: "15.02.0858.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 20", vendor: "Microsoft", versions: [ { lessThan: "15.01.2242.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.023", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.014", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0922.013", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-07-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-28T22:36:18.850Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31196", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-31196", datePublished: "2021-07-14T17:53:12.000Z", dateReserved: "2021-04-14T00:00:00.000Z", dateUpdated: "2025-01-28T16:52:34.659Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41349
Vulnerability from cvelistv5
Published
2021-11-10 00:46
Modified
2024-08-04 03:08
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:08:32.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.026", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.020", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.019", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.017", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:54.073Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-41349", datePublished: "2021-11-10T00:46:32", dateReserved: "2021-09-17T00:00:00", dateUpdated: "2024-08-04T03:08:32.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42305
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.241Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.026", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.020", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.019", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.017", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:48:03.858Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42305", datePublished: "2021-11-10T00:47:38", dateReserved: "2021-10-12T00:00:00", dateUpdated: "2024-08-04T03:30:38.241Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-42321
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2025-02-04 19:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.020 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:30:38.363Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-42321", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-01-03T16:43:32.753195Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-17", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42321", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T19:14:35.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 21", vendor: "Microsoft", versions: [ { lessThan: "15.01.2308.020", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 10", vendor: "Microsoft", versions: [ { lessThan: "15.02.0792.019", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.017", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], datePublic: "2021-11-09T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-29T14:47:48.107Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-42321", datePublished: "2021-11-10T00:47:43.000Z", dateReserved: "2021-10-12T00:00:00.000Z", dateUpdated: "2025-02-04T19:14:35.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }