{"vulnerability": "cve-2023-21529", "sightings": [{"uuid": "21d68767-49fe-4ab5-992a-c246d17691d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://www.thezdi.com/blog/2024/9/11/exploiting-exchange-powershell-after-proxynotshell-part-2-approvedapplicationcollection", "content": "", "creation_timestamp": "2024-09-12T15:00:00.000000Z"}, {"uuid": "b2acdfd5-31a2-401e-8dd8-6a6de7def5b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty", "content": "", "creation_timestamp": "2024-09-05T15:39:37.000000Z"}, {"uuid": "460a2547-15d6-4813-a446-326d096da121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3miwohygpw52y", "content": "", "creation_timestamp": "2026-04-07T21:03:05.404427Z"}, {"uuid": "17cd733d-5f59-4bb9-9a5c-bbecbf11030b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-08T07:25:53.000000Z"}, {"uuid": "17b9846a-53c5-4cb9-95d2-2df11b85c4e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/", "content": "", "creation_timestamp": "2026-04-06T04:00:00.000000Z"}, {"uuid": "bfaf4edb-3b53-4981-83fd-e52763d113ff", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba529bfb-ebc6-44c5-b1d5-f100a54f716e", "content": "", "creation_timestamp": "2026-04-13T18:00:03.003950Z"}, {"uuid": "6e2df7b4-c493-4f47-8b4c-ea0be78a9db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6244767", "content": "", "creation_timestamp": "2026-04-13T18:07:29.137156Z"}, {"uuid": "4ab933a2-d7b3-4a8c-a620-8358a662ffa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116399043810586963", "content": "", "creation_timestamp": "2026-04-13T19:27:37.468249Z"}, {"uuid": "a39265fe-1b45-4191-a923-d6c6fc3e0175", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mjgngqylg22i", "content": "", "creation_timestamp": "2026-04-14T05:27:05.679328Z"}, {"uuid": "455404d5-6362-4e19-85d7-9d209591464a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/malwhere.bsky.social/post/3mjh2cc5xwk2s", "content": "", "creation_timestamp": "2026-04-14T09:17:28.126707Z"}, {"uuid": "46adaa51-f195-4bca-ae55-a5490ca883c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/malwhere.bsky.social/post/3mjh2cor2ek2s", "content": "", "creation_timestamp": "2026-04-14T09:17:28.654840Z"}, {"uuid": "250731e9-fd36-44e0-af17-89e8e1dda6d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://gist.github.com/stone776/3d08ecfe13c93ecafaa4d45bb1ff7634", "content": "", "creation_timestamp": "2026-04-14T14:13:46.000000Z"}, {"uuid": "80a3c934-6d89-448c-9c10-dc9dba3eced2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3mjibqckjjn26", "content": "", "creation_timestamp": "2026-04-14T21:03:03.205357Z"}, {"uuid": "e3607c23-ee93-4b33-9a46-f0a72ded5a64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "MISP/f3b16ca9-f749-4169-9a68-b159e6aaf5ed", "content": "", "creation_timestamp": "2026-04-18T13:07:25.000000Z"}, {"uuid": "d796a021-a701-46b6-ac57-02766fdbe11a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6762", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aRCE\n\u63cf\u8ff0\uff1a A Remote Code Execution (RCE) vulnerability impacting Microsoft Exchange Server CVE-2023-21529 POC\nURL\uff1ahttps://github.com/tr1pl3ight/CVE-2023-21529-POC\n\n\u6807\u7b7e\uff1a#RCE", "creation_timestamp": "2024-03-08T16:03:05.000000Z"}, {"uuid": "9cdfaf74-30e5-462c-9f22-1a3da70d5340", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://t.me/realvulnerabilities/6", "content": "February Microsoft Patch. I decided to change the format a bit. I will share the general impression right away, but the full blog post/video will be released with a delay.\n\n1. RCE - Windows Graphics Component (CVE-2023-21823) seems the most critical. Interestingly, ZDI marked this vulnerability as EoP and did not add it to their review. Apparently MS changed the type of vulnerability before the release. Let's hope that the EDRs will promptly start blocking the exploitation.\n2. EoP - Windows Common Log File System Driver (CVE-2023-23376) with a sign of active exploitation.\n3. Multiple RCEs for Exchange (CVE-2023-21529, CVE-2023-21706, CVE-2023-21707, CVE-2023-21710). But so far no signs of exploitation.\n4. A funny Inf. Disclosure in augmented reality devices HoloLens 1 (CVE-2019-15126), it's an old Broadcom vulnerability with a bunch of exploits. \n\nRaw Vulristics report. There are problems with software detections, I will fix them later.", "creation_timestamp": "2023-02-22T03:33:02.000000Z"}, {"uuid": "bea42869-dc01-4055-9e77-75058bfa6deb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "seen", "source": "https://t.me/ctinow/203557", "content": "https://ift.tt/nEX6LNq\nCVE-2023-21529 Exploit", "creation_timestamp": "2024-03-08T20:16:21.000000Z"}, {"uuid": "a33703fc-8e24-423c-be38-c9c7c03a5c7c", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/adcabe92-bc30-4c92-9d62-db9808733a57", "content": "", "creation_timestamp": "2026-06-19T12:45:13.795028Z"}, {"uuid": "17d4f917-8201-4264-87e7-a58361c1a4f8", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-21529", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/02168ec5-91af-4771-b8dc-7daef32cd80b", "content": "", "creation_timestamp": "2026-06-23T14:03:40.289417Z"}]}