All the vulnerabilites related to Microsoft - Microsoft Exchange Server 2016 Cumulative Update 14
cve-2021-26855
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:40.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 19", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 22", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 13", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 5", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 6", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 16", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 17", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 7", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 18", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 21", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 12", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 9", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 10", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 11", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] } ], "datePublic": "2021-03-02T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.1, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T20:08:56.682Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html" } ], "title": "Microsoft Exchange Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-26855", "datePublished": "2021-03-02T23:55:26", "dateReserved": "2021-02-08T00:00:00", "dateUpdated": "2024-08-03T20:33:40.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-0688
Vulnerability from cvelistv5
Published
2020-02-11 21:22
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:11:05.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Exchange Server 2013", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Cumulative Update 23" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-04T15:06:05", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server 2013", "version": { "version_data": [ { "version_value": "Cumulative Update 23" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 30", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka \u0027Microsoft Exchange Memory Corruption Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/" }, { "name": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156592/Microsoft-Exchange-2019-15.2.221.12-Remote-Code-Execution.html" }, { "name": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156620/Exchange-Control-Panel-Viewstate-Deserialization.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0688", "datePublished": "2020-02-11T21:22:59", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:11:05.469Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-0692
Vulnerability from cvelistv5
Published
2020-02-11 21:23
Modified
2024-08-04 06:11
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:11:04.963Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Exchange Server 2013", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Cumulative Update 23" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-02-11T21:23:00", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0692", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server 2013", "version": { "version_data": [ { "version_value": "Cumulative Update 23" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka \u0027Microsoft Exchange Server Elevation of Privilege Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Elevation of Privilege" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0692", "datePublished": "2020-02-11T21:23:00", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:11:04.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27065
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:40:47.231Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 22", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 13", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 5", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 6", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 16", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 17", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 7", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 18", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 19", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Service Pack 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 21", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 12", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 9", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 10", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 11", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] } ], "datePublic": "2021-03-02T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T20:09:28.788Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html" } ], "title": "Microsoft Exchange Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-27065", "datePublished": "2021-03-02T23:55:28", "dateReserved": "2021-02-10T00:00:00", "dateUpdated": "2024-08-03T20:40:47.231Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-1373
Vulnerability from cvelistv5
Published
2019-11-12 18:52
Modified
2024-08-04 18:13
Severity ?
EPSS score ?
Summary
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T18:13:30.472Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Cumulative Update 2" } ] }, { "product": "Microsoft Exchange Server 2016", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Cumulative Update 13" } ] }, { "product": "Microsoft Exchange Server 2013", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "Cumulative Update 23" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-12T18:52:50", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-1373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server 2019", "version": { "version_data": [ { "version_value": "Cumulative Update 2" } ] } }, { "product_name": "Microsoft Exchange Server 2016", "version": { "version_data": [ { "version_value": "Cumulative Update 13" } ] } }, { "product_name": "Microsoft Exchange Server 2013", "version": { "version_data": [ { "version_value": "Cumulative Update 23" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka \u0027Microsoft Exchange Remote Code Execution Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-1373", "datePublished": "2019-11-12T18:52:50", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T18:13:30.472Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26857
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:40.973Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 19", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 22", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 13", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 5", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 6", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 16", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 17", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 7", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 18", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Exchange Server 2010 Service Pack 3", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "14.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Service Pack 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 21", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 12", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 9", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 10", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 11", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] } ], "datePublic": "2021-03-02T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T20:08:57.205Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26857" } ], "title": "Microsoft Exchange Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-26857", "datePublished": "2021-03-02T23:55:26", "dateReserved": "2021-02-08T00:00:00", "dateUpdated": "2024-08-03T20:33:40.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-26858
Vulnerability from cvelistv5
Published
2021-03-02 23:55
Modified
2024-08-03 20:33
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:33:41.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 22", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 13", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 23", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 5", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 6", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 16", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 17", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 7", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 18", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 19", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_21:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2013 Cumulative Update 21", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.00.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 12", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2019 Cumulative Update 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.02.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 9", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 10", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft Exchange Server 2016 Cumulative Update 11", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.01.0", "versionType": "custom" } ] } ], "datePublic": "2021-03-02T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft Exchange Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Remote Code Execution", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T20:08:57.719Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26858" } ], "title": "Microsoft Exchange Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-26858", "datePublished": "2021-03-02T23:55:27", "dateReserved": "2021-02-08T00:00:00", "dateUpdated": "2024-08-03T20:33:41.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-0903
Vulnerability from cvelistv5
Published
2020-03-12 15:48
Modified
2024-08-04 06:18
Severity ?
EPSS score ?
Summary
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:18:03.459Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Microsoft Exchange Server 2019 Cumulative Update 4", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 15", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2019 Cumulative Update 3", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] }, { "product": "Microsoft Exchange Server 2016 Cumulative Update 14", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "unspecified" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-12T15:48:58", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-0903", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 4", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 15", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 3", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 14", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka \u0027Microsoft Exchange Server Spoofing Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0903" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-0903", "datePublished": "2020-03-12T15:48:58", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:18:03.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }