Vulnerabilites related to Microsoft - Microsoft Exchange Server 2019 Cumulative Update 11
CVE-2022-41040 (GCVE-0-2022-41040)
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-10-21 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040"
},
{
"name": "VU#915563",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/915563"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41040",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-23T21:11:09.910371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41040"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:33.946Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41040"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-30T00:00:00+00:00",
"value": "CVE-2022-41040 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-09-30T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:10:48.981Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41040",
"datePublished": "2022-10-03T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:33.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21710 (GCVE-0-2023-21710)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-02-28 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.021 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:23:16.119377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:14:01.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.041",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.025",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.041",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.025",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:41:16.649Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21710",
"datePublished": "2023-02-14T19:33:41.835Z",
"dateReserved": "2022-12-13T18:08:03.490Z",
"dateUpdated": "2025-02-28T21:14:01.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34453 (GCVE-0-2021-34453)
Vulnerability from cvelistv5
Published
2021-10-13 00:26
Modified
2024-08-04 00:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Denial of Service
Summary
Microsoft Exchange Server Denial of Service Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.009 cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34453",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T20:30:38.736301Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T20:30:48.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:50.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:09.137Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453"
}
],
"title": "Microsoft Exchange Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-34453",
"datePublished": "2021-10-13T00:26:37",
"dateReserved": "2021-06-09T00:00:00",
"dateUpdated": "2024-08-04T00:12:50.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21979 (GCVE-0-2022-21979)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.030 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.030",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.042",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.032",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.013",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.030",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.042",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.032",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.013",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:18.873Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979"
}
],
"title": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21979",
"datePublished": "2022-08-09T19:47:10",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2025-01-02T19:34:18.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41123 (GCVE-0-2022-41123)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.020 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:27.625Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41123",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:27.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21529 (GCVE-0-2023-21529)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.025",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.041",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.047",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.025",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.041",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.047",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:42.972Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21529",
"datePublished": "2023-02-14T19:33:00.590Z",
"dateReserved": "2022-12-01T14:00:11.197Z",
"dateUpdated": "2025-01-01T00:40:42.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23277 (GCVE-0-2022-23277)
Vulnerability from cvelistv5
Published
2022-03-09 17:06
Modified
2025-07-08 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.033 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:36:20.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.033",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.033",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:45.744Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-23277",
"datePublished": "2022-03-09T17:06:55",
"dateReserved": "2022-01-15T00:00:00",
"dateUpdated": "2025-07-08T15:31:45.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21978 (GCVE-0-2022-21978)
Vulnerability from cvelistv5
Published
2022-05-10 20:33
Modified
2025-01-02 18:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.028",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.026",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.36",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.009",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.028",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.026",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.36",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.009",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.009",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-05-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:58:25.947Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21978",
"datePublished": "2022-05-10T20:33:14",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2025-01-02T18:58:25.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41350 (GCVE-0-2021-41350)
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.015 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-41350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:04:51.954198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:12:59.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.177Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:17.494Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41350"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41350",
"datePublished": "2021-10-13T00:28:13",
"dateReserved": "2021-09-17T00:00:00",
"dateUpdated": "2024-08-04T03:08:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42321 (GCVE-0-2021-42321)
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2025-10-21 23:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.020 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-42321",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-03T16:43:32.753195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:25.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-42321"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-17T00:00:00+00:00",
"value": "CVE-2021-42321 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:48.107Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/166153/Microsoft-Exchange-Server-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/168131/Microsoft-Exchange-Server-ChainedSerializationBinder-Remote-Code-Execution.html"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42321",
"datePublished": "2021-11-10T00:47:43.000Z",
"dateReserved": "2021-10-12T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:25.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24477 (GCVE-0-2022-24477)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.042",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.032",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.030",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.013",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.042",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.032",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.030",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.013",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:20.501Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24477",
"datePublished": "2022-08-09T19:47:40",
"dateReserved": "2022-02-05T00:00:00",
"dateUpdated": "2025-01-02T19:34:20.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26427 (GCVE-0-2021-26427)
Vulnerability from cvelistv5
Published
2021-10-13 00:26
Modified
2024-08-03 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.012 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:26:25.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.024",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:19.160Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26427"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-26427",
"datePublished": "2021-10-13T00:26:32",
"dateReserved": "2021-01-29T00:00:00",
"dateUpdated": "2024-08-03T20:26:25.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21745 (GCVE-0-2023-21745)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:49.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21745"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:23:29.281577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:14:28.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:22.546Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21745"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21745",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-28T21:14:28.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41078 (GCVE-0-2022-41078)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:48.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:27.129Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41078",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:27.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41080 (GCVE-0-2022-41080)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-10-21 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.016 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:48.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41080",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-22T05:00:58.328537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41080"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:31.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41080"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-10T00:00:00+00:00",
"value": "CVE-2022-41080 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:28.814Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41080",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:31.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21855 (GCVE-0-2022-21855)
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21855"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.703Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21855"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21855",
"datePublished": "2022-01-11T20:22:28",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2025-01-02T18:22:48.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21761 (GCVE-0-2023-21761)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:05.556Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761"
}
],
"title": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21761",
"datePublished": "2023-01-10T00:00:00",
"dateReserved": "2022-12-13T00:00:00",
"dateUpdated": "2025-01-01T00:36:05.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21846 (GCVE-0-2022-21846)
Vulnerability from cvelistv5
Published
2022-01-11 20:22
Modified
2025-01-02 18:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.018 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:36.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:22:48.227Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21846",
"datePublished": "2022-01-11T20:22:22",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2025-01-02T18:22:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21980 (GCVE-0-2022-21980)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:55.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.042",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.030",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.032",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.013",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.042",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.030",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.032",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.013",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:19.443Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21980",
"datePublished": "2022-08-09T19:47:24",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2025-01-02T19:34:19.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21762 (GCVE-0-2023-21762)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:23:26.798051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:14:23.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.045",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.045",
"versionStartIncluding": "15.00.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:06.138Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21762",
"datePublished": "2023-01-10T00:00:00.000Z",
"dateReserved": "2022-12-13T00:00:00.000Z",
"dateUpdated": "2025-02-28T21:14:23.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41082 (GCVE-0-2022-41082)
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-10-21 23:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-07T16:08:48.794Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script"
},
{
"tags": [
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082"
},
{
"name": "VU#915563",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/915563"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41082",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T17:55:49.337641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-09-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:33.797Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-09-30T00:00:00+00:00",
"value": "CVE-2022-41082 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-09-30T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T16:10:49.607Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41082",
"datePublished": "2022-10-03T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:33.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30134 (GCVE-0-2022-30134)
Vulnerability from cvelistv5
Published
2022-08-09 19:48
Modified
2025-01-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.015 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:40:47.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.013",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.042",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.032",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.030",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.013",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.042",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.032",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.030",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:21.182Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134"
}
],
"title": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-30134",
"datePublished": "2022-08-09T19:48:24",
"dateReserved": "2022-05-03T00:00:00",
"dateUpdated": "2025-01-02T19:34:21.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21707 (GCVE-0-2023-21707)
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-02-28 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.023 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:23:24.218455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T21:14:18.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.023",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.026",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.042",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.048",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.023",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.026",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.042",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.048",
"versionStartIncluding": "15.00.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:46.968Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21707",
"datePublished": "2023-02-14T19:32:45.126Z",
"dateReserved": "2022-12-13T18:08:03.490Z",
"dateUpdated": "2025-02-28T21:14:18.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41349 (GCVE-0-2021-41349)
Vulnerability from cvelistv5
Published
2021-11-10 00:46
Modified
2024-08-04 03:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:47:54.073Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41349"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41349",
"datePublished": "2021-11-10T00:46:32",
"dateReserved": "2021-09-17T00:00:00",
"dateUpdated": "2024-08-04T03:08:32.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41348 (GCVE-0-2021-41348)
Vulnerability from cvelistv5
Published
2021-10-13 00:28
Modified
2024-08-04 03:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.015 cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:* |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.015",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.009",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.012",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-10-12T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:52:16.768Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41348"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-41348",
"datePublished": "2021-10-13T00:28:11",
"dateReserved": "2021-09-17T00:00:00",
"dateUpdated": "2024-08-04T03:08:32.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41079 (GCVE-0-2022-41079)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.020 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:28.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41079",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:28.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21706 (GCVE-0-2023-21706)
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.025",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.041",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.047",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.025",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.041",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.047",
"versionStartIncluding": "15.00.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:46.418Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21706",
"datePublished": "2023-02-14T19:32:44.189Z",
"dateReserved": "2022-12-13T18:08:03.490Z",
"dateUpdated": "2025-01-01T00:40:46.418Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34692 (GCVE-0-2022-34692)
Vulnerability from cvelistv5
Published
2022-08-09 19:52
Modified
2025-06-05 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.012 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:15:16.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-34692",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T18:06:34.532316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T18:06:39.988Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.012",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.012",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.029",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.031",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.012",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.012",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.029",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.031",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:22.302Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692"
}
],
"title": "Microsoft Exchange Server Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-34692",
"datePublished": "2022-08-09T19:52:09.000Z",
"dateReserved": "2022-06-27T00:00:00.000Z",
"dateUpdated": "2025-06-05T18:06:39.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21763 (GCVE-0-2023-21763)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.037 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:06.648Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21763",
"datePublished": "2023-01-10T00:00:00",
"dateReserved": "2022-12-13T00:00:00",
"dateUpdated": "2025-01-01T00:36:06.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21969 (GCVE-0-2022-21969)
Vulnerability from cvelistv5
Published
2022-01-11 20:23
Modified
2025-01-02 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote Code Execution
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21969"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.028",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.021",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.018",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.028",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.021",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.018",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-01-11T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T18:23:09.499Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21969"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-21969",
"datePublished": "2022-01-11T20:23:34",
"dateReserved": "2021-12-16T00:00:00",
"dateUpdated": "2025-01-02T18:23:09.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42305 (GCVE-0-2021-42305)
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.026 cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:30:38.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.026",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.020",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.019",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.017",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.014",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T14:48:03.858Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42305"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-42305",
"datePublished": "2021-11-10T00:47:38",
"dateReserved": "2021-10-12T00:00:00",
"dateUpdated": "2024-08-04T03:30:38.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24516 (GCVE-0-2022-24516)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Elevation of Privilege
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.032 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.032",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.030",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.042",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.013",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.032",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.030",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.042",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.015",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.013",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-08-09T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T19:34:19.958Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24516",
"datePublished": "2022-08-09T19:47:56",
"dateReserved": "2022-02-05T00:00:00",
"dateUpdated": "2025-01-02T19:34:19.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21764 (GCVE-0-2023-21764)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.037 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:51:50.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.037",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.021",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.017",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.037",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.021",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.017",
"versionStartIncluding": "15.01.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-01-10T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:36:07.163Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764"
}
],
"title": "Microsoft Exchange Server Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21764",
"datePublished": "2023-01-10T00:00:00",
"dateReserved": "2022-12-13T00:00:00",
"dateUpdated": "2025-01-01T00:36:07.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24463 (GCVE-0-2022-24463)
Vulnerability from cvelistv5
Published
2022-03-09 17:07
Modified
2025-07-08 15:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Spoofing
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 21 |
Version: 15.01.0 < 15.01.2308.027 |
||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:55.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 21",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2308.027",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0922.027",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.024",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.022",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_21:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2308.027",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_10:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0922.027",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.024",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.022",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:32.346Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24463",
"datePublished": "2022-03-09T17:07:44",
"dateReserved": "2022-02-05T00:00:00",
"dateUpdated": "2025-07-08T15:31:32.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}