Vulnerabilites related to Microsoft - Microsoft Exchange Server 2019 Cumulative Update 12
CVE-2022-21980 (GCVE-0-2022-21980)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:55.055Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:19.443Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21980", datePublished: "2022-08-09T19:47:24", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T19:34:19.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-30134 (GCVE-0-2022-30134)
Vulnerability from cvelistv5
Published
2022-08-09 19:48
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.015 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:40:47.587Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:21.182Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-30134", datePublished: "2022-08-09T19:48:24", dateReserved: "2022-05-03T00:00:00", dateUpdated: "2025-01-02T19:34:21.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41080 (GCVE-0-2022-41080)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-02-04 14:11
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.016 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.787Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41080", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2023-12-22T05:00:58.328537Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-01-10", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41080", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-noinfo Not enough information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T14:11:16.864Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:28.814Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41080", datePublished: "2022-11-09T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-02-04T14:11:16.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-28310 (GCVE-0-2023-28310)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.027 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.798Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28310", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:08.458672Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:21.216Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.016", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.016", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:29.715Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28310", datePublished: "2023-06-14T14:52:08.662Z", dateReserved: "2023-03-13T22:23:36.191Z", dateUpdated: "2025-02-28T21:09:21.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41040 (GCVE-0-2022-41040)
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.189Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41040", }, { name: "VU#915563", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/915563", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-41040", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T21:11:09.910371Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41040", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:34:51.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-30T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:48.981Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41040", datePublished: "2022-10-03T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-03-11T16:10:48.981Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36745 (GCVE-0-2023-36745)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:25.415733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:31.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:23.901Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36745", datePublished: "2023-09-12T16:58:31.857Z", dateReserved: "2023-06-26T13:29:45.609Z", dateUpdated: "2025-02-27T20:54:31.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36744 (GCVE-0-2023-36744)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:23.166270Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:25.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:24.467Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36744", datePublished: "2023-09-12T16:58:32.372Z", dateReserved: "2023-06-26T13:29:45.609Z", dateUpdated: "2025-02-27T20:54:25.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-34692 (GCVE-0-2022-34692)
Vulnerability from cvelistv5
Published
2022-08-09 19:52
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.012 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T09:15:16.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.012", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.012", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.029", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.031", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.012", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.012", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.029", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.031", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:22.302Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-34692", datePublished: "2022-08-09T19:52:09", dateReserved: "2022-06-27T00:00:00", dateUpdated: "2025-01-02T19:34:22.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41082 (GCVE-0-2022-41082)
Vulnerability from cvelistv5
Published
2022-10-03 00:00
Modified
2025-03-11 16:10
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2025-03-07T16:08:48.794Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script", }, { url: "https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script", }, { tags: [ "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082", }, { name: "VU#915563", tags: [ "third-party-advisory", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/915563", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/", }, ], title: "CVE Program Container", x_generator: { engine: "ADPogram 0.0.1", }, }, { metrics: [ { other: { content: { id: "CVE-2022-41082", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-04T17:55:49.337641Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-09-30", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41082", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T18:04:19.309Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-09-30T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:10:49.607Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41082", datePublished: "2022-10-03T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-03-11T16:10:49.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21707 (GCVE-0-2023-21707)
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.023 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.148Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:24.218455Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:18.304Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.023", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.026", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.042", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.048", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.023", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.026", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.042", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.048", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:46.968Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21707", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21707", datePublished: "2023-02-14T19:32:45.126Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-02-28T21:14:18.304Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36778 (GCVE-0-2023-36778)
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.027 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:08.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36778", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:47.918947Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:24.461Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.027", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.039", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.034", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.027", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.039", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.034", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:43.655Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36778", datePublished: "2023-10-10T17:08:12.082Z", dateReserved: "2023-06-27T15:11:59.870Z", dateUpdated: "2025-04-14T22:46:43.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21709 (GCVE-0-2023-21709)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21709", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:01.605859Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:14.157Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307: Improper Restriction of Excessive Authentication Attempts", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:32.494Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21709", datePublished: "2023-08-08T17:08:46.247Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-02-27T21:07:14.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41078 (GCVE-0-2022-41078)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.044 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:48.920Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:27.129Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41078", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:27.129Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21762 (GCVE-0-2023-21762)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.079Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21762", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:26.798051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:23.383Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.045", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.045", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:06.138Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21762", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21762", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:23.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36039 (GCVE-0-2023-36039)
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-01-08 16:05
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36039", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:11:59.763520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T16:05:45.336Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:16:10.800Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36039", datePublished: "2023-11-14T17:57:30.641Z", dateReserved: "2023-06-20T20:44:39.828Z", dateUpdated: "2025-01-08T16:05:45.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21978 (GCVE-0-2022-21978)
Vulnerability from cvelistv5
Published
2022-05-10 20:33
Modified
2025-01-02 18:58
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.028 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21978", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.028", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.026", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.36", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.009", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.009", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.028", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.026", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.36", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.009", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.009", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-05-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T18:58:25.947Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21978", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21978", datePublished: "2022-05-10T20:33:14", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T18:58:25.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21529 (GCVE-0-2023-21529)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.279Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.041", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.047", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.041", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.047", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.021", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:42.972Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21529", datePublished: "2023-02-14T19:33:00.590Z", dateReserved: "2022-12-01T14:00:11.197Z", dateUpdated: "2025-01-01T00:40:42.972Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-21979 (GCVE-0-2022-21979)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.030 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:00:54.424Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:18.873Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-21979", datePublished: "2022-08-09T19:47:10", dateReserved: "2021-12-16T00:00:00", dateUpdated: "2025-01-02T19:34:18.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41079 (GCVE-0-2022-41079)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.020 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.178Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.044", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.044", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Spoofing", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:28.259Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41079", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:28.259Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36439 (GCVE-0-2023-36439)
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-01-01 02:15
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36439", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-17T16:09:59.642451Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T21:00:35.123Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:15:47.221Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36439", datePublished: "2023-11-14T17:57:17.367Z", dateReserved: "2023-06-21T15:14:27.789Z", dateUpdated: "2025-01-01T02:15:47.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-41123 (GCVE-0-2022-41123)
Vulnerability from cvelistv5
Published
2022-11-09 00:00
Modified
2025-01-02 21:31
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.020 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.020", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.016", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.036", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.037", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.020", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.016", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.036", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.037", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-11-08T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T21:31:27.625Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-41123", datePublished: "2022-11-09T00:00:00", dateReserved: "2022-09-19T00:00:00", dateUpdated: "2025-01-02T21:31:27.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21745 (GCVE-0-2023-21745)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21745 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:49.423Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21745", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:29.281577Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:28.522Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:22.546Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21745", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21745", datePublished: "2023-01-10T00:00:00.000Z", dateReserved: "2022-12-13T00:00:00.000Z", dateUpdated: "2025-02-28T21:14:28.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-35388 (GCVE-0-2023-35388)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:23:59.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35388", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:35.992782Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:21.288Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:12.631Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-35388", datePublished: "2023-08-08T17:08:53.722Z", dateReserved: "2023-06-14T23:09:47.638Z", dateUpdated: "2025-02-27T21:06:21.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36756 (GCVE-0-2023-36756)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.032 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:36.824363Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:36.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:23.287Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36756", datePublished: "2023-09-12T16:58:31.333Z", dateReserved: "2023-06-27T15:11:59.867Z", dateUpdated: "2025-02-27T20:54:36.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21761 (GCVE-0-2023-21761)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.017 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918: Server-Side Request Forgery (SSRF)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:05.556Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21761", datePublished: "2023-01-10T00:00:00", dateReserved: "2022-12-13T00:00:00", dateUpdated: "2025-01-01T00:36:05.556Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38182 (GCVE-0-2023-38182)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38182", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:34.546069Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:14.694Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:14.318Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38182", datePublished: "2023-08-08T17:08:55.358Z", dateReserved: "2023-07-12T23:41:45.867Z", dateUpdated: "2025-02-27T21:06:14.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-24516 (GCVE-0-2022-24516)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Version: 15.0.0 < 15.01.2375.032 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:56.041Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:19.958Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24516", datePublished: "2022-08-09T19:47:56", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T19:34:19.958Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36035 (GCVE-0-2023-36035)
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-01-08 15:57
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36035", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:09:25.429224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T15:57:11.405Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:16:13.978Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36035", datePublished: "2023-11-14T17:57:34.325Z", dateReserved: "2023-06-20T20:44:39.826Z", dateUpdated: "2025-01-08T15:57:11.405Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21763 (GCVE-0-2023-21763)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:06.648Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21763", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21763", datePublished: "2023-01-10T00:00:00", dateReserved: "2022-12-13T00:00:00", dateUpdated: "2025-01-01T00:36:06.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38181 (GCVE-0-2023-38181)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.166Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38181", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:33.271675Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:09.342Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:14.859Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38181", datePublished: "2023-08-08T17:08:55.897Z", dateReserved: "2023-07-12T23:41:45.867Z", dateUpdated: "2025-02-27T21:06:09.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32031 (GCVE-0-2023-32031)
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.030 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32031", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:05.791874Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:15.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.016", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.016", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:38.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32031", datePublished: "2023-06-14T14:52:14.606Z", dateReserved: "2023-05-01T15:34:52.133Z", dateUpdated: "2025-02-28T21:09:15.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36757 (GCVE-0-2023-36757)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.032 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36757", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:39.627696Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:42.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:22.716Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36757", datePublished: "2023-09-12T16:58:30.805Z", dateReserved: "2023-06-27T15:11:59.867Z", dateUpdated: "2025-02-27T20:54:42.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21764 (GCVE-0-2023-21764)
Vulnerability from cvelistv5
Published
2023-01-10 00:00
Modified
2025-01-01 00:36
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Version: 15.02.0 < 15.02.0986.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:50.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.021", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.017", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.021", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.017", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-01-10T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:36:07.163Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21764", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21764", datePublished: "2023-01-10T00:00:00", dateReserved: "2022-12-13T00:00:00", dateUpdated: "2025-01-01T00:36:07.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36050 (GCVE-0-2023-36050)
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-01-08 16:07
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.040 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36050", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:17:22.952704Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T16:07:09.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:16:10.208Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36050", datePublished: "2023-11-14T17:57:30.038Z", dateReserved: "2023-06-20T20:44:39.829Z", dateUpdated: "2025-01-08T16:07:09.235Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-35368 (GCVE-0-2023-35368)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:23:59.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35368", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:01.823395Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:10.272Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:33.278Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368", }, ], title: "Microsoft Exchange Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-35368", datePublished: "2023-08-08T17:08:18.275Z", dateReserved: "2023-06-14T23:09:47.636Z", dateUpdated: "2025-02-27T21:09:10.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36777 (GCVE-0-2023-36777)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36777", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:41.553345Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:53:50.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:39.256Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36777", datePublished: "2023-09-12T16:58:41.822Z", dateReserved: "2023-06-27T15:11:59.870Z", dateUpdated: "2025-02-27T20:53:50.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38185 (GCVE-0-2023-38185)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38185", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:50.935699Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:43.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "CWE-23: Relative Path Traversal", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:59.147Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38185", datePublished: "2023-08-08T17:08:41.686Z", dateReserved: "2023-07-12T23:41:45.869Z", dateUpdated: "2025-02-27T21:07:43.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2022-24477 (GCVE-0-2022-24477)
Vulnerability from cvelistv5
Published
2022-08-09 19:47
Modified
2025-01-02 19:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Version: 15.00.0 < 15.00.1497.042 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:13:55.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.042", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 22", vendor: "Microsoft", versions: [ { lessThan: "15.01.2375.032", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.015", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.013", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.042", versionStartIncluding: "15.00.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*", versionEndExcluding: "15.01.2375.032", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.015", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.013", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-08-09T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:34:20.501Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-24477", datePublished: "2022-08-09T19:47:40", dateReserved: "2022-02-05T00:00:00", dateUpdated: "2025-01-02T19:34:20.501Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21706 (GCVE-0-2023-21706)
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.025 |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.299Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.041", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2013 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.00.1497.047", status: "affected", version: "15.00.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.041", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.00.1497.047", versionStartIncluding: "15.00.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:46.418Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21706", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21706", datePublished: "2023-02-14T19:32:44.189Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-01-01T00:40:46.418Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-21710 (GCVE-0-2023-21710)
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.021 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21710", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:16.119377Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:01.338Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.021", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 11", vendor: "Microsoft", versions: [ { lessThan: "15.02.0986.041", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.021", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*", versionEndExcluding: "15.02.0986.041", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:16.649Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21710", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21710", datePublished: "2023-02-14T19:33:41.835Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-02-28T21:14:01.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }