Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
32 vulnerabilities found for Microsoft Exchange Server 2019 Cumulative Update 10 by Microsoft
CVE-2022-24463 (GCVE-0-2022-24463)
Vulnerability from cvelistv5 – Published: 2022-03-09 17:07 – Updated: 2025-07-08 15:31
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.024
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.022
(custom)
|
Date Public
2022-03-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:32.346Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24463",
"datePublished": "2022-03-09T17:07:44.000Z",
"dateReserved": "2022-02-05T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:32.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23277 (GCVE-0-2022-23277)
Vulnerability from cvelistv5 – Published: 2022-03-09 17:06 – Updated: 2025-07-08 15:31
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.033
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.024
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.022
(custom)
|
Date Public
2022-03-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.033",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.033",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:45.744Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-23277",
"datePublished": "2022-03-09T17:06:55.000Z",
"dateReserved": "2022-01-15T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:45.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21969 (GCVE-0-2022-21969)
Vulnerability from cvelistv5 – Published: 2022-01-11 20:23 – Updated: 2025-01-02 18:23
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:23:09.499Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21969",
"datePublished": "2022-01-11T20:23:34.000Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:23:09.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21855 (GCVE-0-2022-21855)
Vulnerability from cvelistv5 – Published: 2022-01-11 20:22 – Updated: 2025-01-02 18:22
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.703Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21855",
"datePublished": "2022-01-11T20:22:28.000Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:22:48.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21846 (GCVE-0-2022-21846)
Vulnerability from cvelistv5 – Published: 2022-01-11 20:22 – Updated: 2025-01-02 18:22
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.227Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21846",
"datePublished": "2022-01-11T20:22:22.000Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:22:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42321 (GCVE-0-2021-42321)
Vulnerability from cvelistv5 – Published: 2021-11-10 00:47 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote Code Execution
- CWE-noinfo Not enough information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/166153/Micro… | x_refsource_MISC |
| http://packetstormsecurity.com/files/168131/Micro… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42321",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T16:43:32.753195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:25.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-17T00:00:00.000Z",
"value": "CVE-2021-42321 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:48.107Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42321",
"datePublished": "2021-11-10T00:47:43.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:25.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42305 (GCVE-0-2021-42305)
Vulnerability from cvelistv5 – Published: 2021-11-10 00:47 – Updated: 2024-08-04 03:30
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.026
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:48:03.858Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42305",
"datePublished": "2021-11-10T00:47:38.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:30:38.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41349 (GCVE-0-2021-41349)
Vulnerability from cvelistv5 – Published: 2021-11-10 00:46 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.026
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:54.073Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41349",
"datePublished": "2021-11-10T00:46:32.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41350 (GCVE-0-2021-41350)
Vulnerability from cvelistv5 – Published: 2021-10-13 00:28 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:04:51.954198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:59.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:17.494Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41350",
"datePublished": "2021-10-13T00:28:13.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41348 (GCVE-0-2021-41348)
Vulnerability from cvelistv5 – Published: 2021-10-13 00:28 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:16.768Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41348",
"datePublished": "2021-10-13T00:28:11.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34453 (GCVE-0-2021-34453)
Vulnerability from cvelistv5 – Published: 2021-10-13 00:26 – Updated: 2024-08-04 00:12
VLAI
Title
Microsoft Exchange Server Denial of Service Vulnerability
Summary
Microsoft Exchange Server Denial of Service Vulnerability
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:30:38.736301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T20:30:48.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:09.137Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "Microsoft Exchange Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-34453",
"datePublished": "2021-10-13T00:26:37.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:12:50.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26427 (GCVE-0-2021-26427)
Vulnerability from cvelistv5 – Published: 2021-10-13 00:26 – Updated: 2024-08-03 20:26
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.024
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.024",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:19.160Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-26427",
"datePublished": "2021-10-13T00:26:32.000Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:26:25.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34470 (GCVE-0-2021-34470)
Vulnerability from cvelistv5 – Published: 2021-07-14 17:54 – Updated: 2024-08-23 15:08
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of Privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163706/Micro… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.023
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.007
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.008
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34470",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T15:07:17.026694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T15:08:35.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.023",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.007",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.008",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:37:16.298Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-34470",
"datePublished": "2021-07-14T17:54:02.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-23T15:08:35.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33768 (GCVE-0-2021-33768)
Vulnerability from cvelistv5 – Published: 2021-07-14 17:53 – Updated: 2024-08-03 23:58
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.013
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.012",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.013",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:36:53.445Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-33768",
"datePublished": "2021-07-14T17:53:42.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31206 (GCVE-0-2021-31206)
Vulnerability from cvelistv5 – Published: 2021-07-14 17:53 – Updated: 2024-08-03 22:55
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.023
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.013
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-826/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.012",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.023",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.013",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:36:19.357Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-826/"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31206",
"datePublished": "2021-07-14T17:53:13.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:52.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24463 (GCVE-0-2022-24463)
Vulnerability from nvd – Published: 2022-03-09 17:07 – Updated: 2025-07-08 15:31
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.024
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.022
(custom)
|
Date Public
2022-03-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:32.346Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24463",
"datePublished": "2022-03-09T17:07:44.000Z",
"dateReserved": "2022-02-05T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:32.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23277 (GCVE-0-2022-23277)
Vulnerability from nvd – Published: 2022-03-09 17:06 – Updated: 2025-07-08 15:31
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.033
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.027
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.024
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.022
(custom)
|
Date Public
2022-03-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.033",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.033",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:45.744Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-23277",
"datePublished": "2022-03-09T17:06:55.000Z",
"dateReserved": "2022-01-15T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:45.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21969 (GCVE-0-2022-21969)
Vulnerability from nvd – Published: 2022-01-11 20:23 – Updated: 2025-01-02 18:23
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:23:09.499Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21969",
"datePublished": "2022-01-11T20:23:34.000Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:23:09.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21855 (GCVE-0-2022-21855)
Vulnerability from nvd – Published: 2022-01-11 20:22 – Updated: 2025-01-02 18:22
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.703Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21855",
"datePublished": "2022-01-11T20:22:28.000Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:22:48.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21846 (GCVE-0-2022-21846)
Vulnerability from nvd – Published: 2022-01-11 20:22 – Updated: 2025-01-02 18:22
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISCx_transferred |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.018
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.015
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.028
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.021
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.020
(custom)
|
Date Public
2022-01-11 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.227Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21846",
"datePublished": "2022-01-11T20:22:22.000Z",
"dateReserved": "2021-12-14T00:00:00.000Z",
"dateUpdated": "2025-01-02T18:22:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42321 (GCVE-0-2021-42321)
Vulnerability from nvd – Published: 2021-11-10 00:47 – Updated: 2025-10-21 23:25
VLAI
CISA KEV
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote Code Execution
- CWE-noinfo Not enough information
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/166153/Micro… | x_refsource_MISC |
| http://packetstormsecurity.com/files/168131/Micro… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42321",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T16:43:32.753195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:25.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-17T00:00:00.000Z",
"value": "CVE-2021-42321 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:48.107Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42321",
"datePublished": "2021-11-10T00:47:43.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:25.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42305 (GCVE-0-2021-42305)
Vulnerability from nvd – Published: 2021-11-10 00:47 – Updated: 2024-08-04 03:30
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.026
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:48:03.858Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42305",
"datePublished": "2021-11-10T00:47:38.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:30:38.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41349 (GCVE-0-2021-41349)
Vulnerability from nvd – Published: 2021-11-10 00:46 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.026
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.020
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0792.019
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.017
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
Date Public
2021-11-09 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:54.073Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41349",
"datePublished": "2021-11-10T00:46:32.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41350 (GCVE-0-2021-41350)
Vulnerability from nvd – Published: 2021-10-13 00:28 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:04:51.954198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:59.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:17.494Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41350",
"datePublished": "2021-10-13T00:28:13.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41348 (GCVE-0-2021-41348)
Vulnerability from nvd – Published: 2021-10-13 00:28 – Updated: 2024-08-04 03:08
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:16.768Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41348",
"datePublished": "2021-10-13T00:28:11.000Z",
"dateReserved": "2021-09-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:08:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34453 (GCVE-0-2021-34453)
Vulnerability from nvd – Published: 2021-10-13 00:26 – Updated: 2024-08-04 00:12
VLAI
Title
Microsoft Exchange Server Denial of Service Vulnerability
Summary
Microsoft Exchange Server Denial of Service Vulnerability
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:30:38.736301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T20:30:48.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:09.137Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "Microsoft Exchange Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-34453",
"datePublished": "2021-10-13T00:26:37.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:12:50.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26427 (GCVE-0-2021-26427)
Vulnerability from nvd – Published: 2021-10-13 00:26 – Updated: 2024-08-03 20:26
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.009
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.024
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-10-12 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.024",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:19.160Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-26427",
"datePublished": "2021-10-13T00:26:32.000Z",
"dateReserved": "2021-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:26:25.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34470 (GCVE-0-2021-34470)
Vulnerability from nvd – Published: 2021-07-14 17:54 – Updated: 2024-08-23 15:08
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Elevation of Privilege
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163706/Micro… | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.023
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.007
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.008
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34470",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-23T15:07:17.026694Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-23T15:08:35.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.023",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.007",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.008",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:37:16.298Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34470"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163706/Microsoft-Exchange-AD-Schema-Misconfiguration-Privilege-Escalation.html"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-34470",
"datePublished": "2021-07-14T17:54:02.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-23T15:08:35.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33768 (GCVE-0-2021-33768)
Vulnerability from nvd – Published: 2021-07-14 17:53 – Updated: 2024-08-03 23:58
VLAI
Title
Microsoft Exchange Server Elevation of Privilege Vulnerability
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
Severity
CWE
- Elevation of Privilege
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.013
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.012",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.013",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:36:53.445Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33768"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-33768",
"datePublished": "2021-07-14T17:53:42.000Z",
"dateReserved": "2021-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:58:22.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31206 (GCVE-0-2021-31206)
Vulnerability from nvd – Published: 2021-07-14 17:53 – Updated: 2024-08-03 22:55
VLAI
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.023
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Affected:
15.01.0 , < 15.01.2308.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 10 |
Affected:
15.02.0 , < 15.02.0922.013
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:* |
Date Public
2021-07-13 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-826/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.012",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.023",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.013",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-13T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T22:36:19.357Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31206"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-826/"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31206",
"datePublished": "2021-07-14T17:53:13.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:52.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}