Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-41079 (GCVE-0-2022-41079)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI
EPSS
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
CWE
- Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Affected:
15.02.0 , < 15.02.1118.020
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Affected:
15.01.0 , < 15.01.2507.016
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 22 |
Affected:
15.0.0 , < 15.01.2375.037
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.044
(custom)
|
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 11 |
Affected:
15.02.0 , < 15.02.0986.036
(custom)
|
Date Public
2022-11-08 08:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 12",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.1118.020",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2507.016",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 22",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2375.037",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.044",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 11",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0986.036",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*",
"versionEndExcluding": "15.02.1118.020",
"versionStartIncluding": "15.02.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2507.016",
"versionStartIncluding": "15.01.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_22:*:*:*:*:*:*",
"versionEndExcluding": "15.01.2375.037",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*",
"versionEndExcluding": "15.00.1497.044",
"versionStartIncluding": "15.00.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_11:*:*:*:*:*:*",
"versionEndExcluding": "15.02.0986.036",
"versionStartIncluding": "15.02.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:28.259Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Exchange Server Spoofing Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41079",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-09-19T00:00:00.000Z",
"dateUpdated": "2025-01-02T21:31:28.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-41079",
"date": "2026-05-27",
"epss": "0.00972",
"percentile": "0.7688"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\", \"matchCriteriaId\": \"DA166F2A-D83B-4D50-AD0B-668D813E0585\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*\", \"matchCriteriaId\": \"449CE85B-E599-44D3-A7C1-5133F6A55E86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*\", \"matchCriteriaId\": \"435343A4-BF10-461A-ABF2-D511A5FBDA75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*\", \"matchCriteriaId\": \"B23C8E3E-5243-4DA6-B9AA-F6053084B55E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Exchange Server Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de suplantaci\\u00f3n de identidad de Microsoft Exchange Server\"}]",
"id": "CVE-2022-41079",
"lastModified": "2024-11-21T07:22:34.253",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 5.9}]}",
"published": "2022-11-09T22:15:21.440",
"references": "[{\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-41079\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-11-09T22:15:21.440\",\"lastModified\":\"2024-11-21T07:22:34.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Exchange Server Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft Exchange Server\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA166F2A-D83B-4D50-AD0B-668D813E0585\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*\",\"matchCriteriaId\":\"449CE85B-E599-44D3-A7C1-5133F6A55E86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF76AEDA-E574-40ED-B64F-8FDEF8CAC802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"435343A4-BF10-461A-ABF2-D511A5FBDA75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"B23C8E3E-5243-4DA6-B9AA-F6053084B55E\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2022-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Nuget 2.1.2 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Nuget 4.8.5 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41063"
},
{
"name": "CVE-2022-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41105"
},
{
"name": "CVE-2022-41119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41119"
},
{
"name": "CVE-2022-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41061"
},
{
"name": "CVE-2022-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41066"
},
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
},
{
"name": "CVE-2022-41107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41107"
},
{
"name": "CVE-2022-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41123"
},
{
"name": "CVE-2022-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41103"
},
{
"name": "CVE-2022-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41079"
},
{
"name": "CVE-2022-41106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41106"
},
{
"name": "CVE-2022-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41060"
},
{
"name": "CVE-2022-41104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41104"
},
{
"name": "CVE-2022-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41078"
},
{
"name": "CVE-2022-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39253 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39253"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41104 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41060 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41063 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41106 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41080 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41079 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41107 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41103 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41105 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41078 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41123 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41061 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41119 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"reference": "CERTFR-2022-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
},
{
"description": "Ajout de syst\u00e8mes affect\u00e9s de la famille Microsoft Dynamics suite \u00e0 la mise \u00e0 jour du bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022.",
"revision_date": "2022-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-1015
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Dynamics NAV 2018 | ||
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Nuget 2.1.2 | ||
| Microsoft | N/A | Dynamics 365 Business Central Spring 2019 Update | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft | N/A | Nuget 4.8.5 | ||
| Microsoft | N/A | Microsoft Dynamics 365 Business Central 2021 Release Wave 2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Dynamics NAV 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 2.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 Business Central Spring 2019 Update",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Nuget 4.8.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-41063",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41063"
},
{
"name": "CVE-2022-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41105"
},
{
"name": "CVE-2022-41119",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41119"
},
{
"name": "CVE-2022-41061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41061"
},
{
"name": "CVE-2022-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41066"
},
{
"name": "CVE-2022-41064",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
},
{
"name": "CVE-2022-41107",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41107"
},
{
"name": "CVE-2022-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41123"
},
{
"name": "CVE-2022-41103",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41103"
},
{
"name": "CVE-2022-41079",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41079"
},
{
"name": "CVE-2022-41106",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41106"
},
{
"name": "CVE-2022-41060",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41060"
},
{
"name": "CVE-2022-41104",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41104"
},
{
"name": "CVE-2022-41078",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41078"
},
{
"name": "CVE-2022-41080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39253 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39253"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41104 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41060 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41063 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41106 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41080 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41079 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41107 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41103 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41105 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41078 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41123 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41061 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41119 du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
}
],
"reference": "CERTFR-2022-AVI-1015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-09T00:00:00.000000"
},
{
"description": "Ajout de syst\u00e8mes affect\u00e9s de la famille Microsoft Dynamics suite \u00e0 la mise \u00e0 jour du bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022.",
"revision_date": "2022-11-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
BDU:2022-06841
Vulnerability from fstec - Published: 08.11.2022
VLAI
Title
Уязвимость почтового сервера Microsoft Exchange Server, существующая из-за некорректной обработки пользовательских данных, позволяющая нарушителю провести спуфинговую атаку
Description
Уязвимость почтового сервера Microsoft Exchange Server существует из-за некорректной обработки пользовательских данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, провести спуфинговую атаку
Severity
Vendor
Microsoft Corp
Software Name
Microsoft Exchange Server
Software Version
2013 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 11 (Microsoft Exchange Server), 2016 Cumulative Update 22 (Microsoft Exchange Server), 2016 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 12 (Microsoft Exchange Server)
Possible Mitigations
Использование рекомендаций производителя:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079
Reference
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079
CWE
CWE-451
{
"CVSS 2.0": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"CVSS 3.0": "AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2013 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 11 (Microsoft Exchange Server), 2016 Cumulative Update 22 (Microsoft Exchange Server), 2016 Cumulative Update 23 (Microsoft Exchange Server), 2019 Cumulative Update 12 (Microsoft Exchange Server)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.11.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.11.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06841",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-41079",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Microsoft Exchange Server",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u043e\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "UI \u041b\u043e\u0436\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u043c. (CWE-451)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0447\u0442\u043e\u0432\u043e\u0433\u043e \u0441\u0435\u0440\u0432\u0435\u0440\u0430 Microsoft Exchange Server \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u043e\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-451",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)"
}
CNVD-2023-72230
Vulnerability from cnvd - Published: 2023-09-28
VLAI
Title
Microsoft Exchange Server欺骗漏洞(CNVD-2023-72230)
Description
Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。
Microsoft Exchange Server存在欺骗漏洞,攻击者可利用该漏洞进行欺骗攻击。
Severity
高
Patch Name
Microsoft Exchange Server欺骗漏洞(CNVD-2023-72230)的补丁
Patch Description
Microsoft Exchange Server是美国微软(Microsoft)公司的一套电子邮件服务程序。它提供邮件存取、储存、转发,语音邮件,邮件过滤筛选等功能。
Microsoft Exchange Server存在欺骗漏洞,攻击者可利用该漏洞进行欺骗攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079
Reference
https://nvd.nist.gov/vuln/detail/CVE-2022-41079
Impacted products
| Name | ['Microsoft Exchange Server 2013 Cumulative Update 23', 'Microsoft Exchange Server 2019 Cumulative Update 11', 'Microsoft Exchange Server 2016 Cumulative Update 22', 'Microsoft Exchange Server 2019 Cumulative Update 12', 'Microsoft Exchange Server 2016 Cumulative Update 23'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-41079",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41079"
}
},
"description": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\u3002\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\n\nMicrosoft Exchange Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2023-72230",
"openTime": "2023-09-28",
"patchDescription": "Microsoft Exchange Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u7535\u5b50\u90ae\u4ef6\u670d\u52a1\u7a0b\u5e8f\u3002\u5b83\u63d0\u4f9b\u90ae\u4ef6\u5b58\u53d6\u3001\u50a8\u5b58\u3001\u8f6c\u53d1\uff0c\u8bed\u97f3\u90ae\u4ef6\uff0c\u90ae\u4ef6\u8fc7\u6ee4\u7b5b\u9009\u7b49\u529f\u80fd\u3002\r\n\r\nMicrosoft Exchange Server\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u6b3a\u9a97\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Microsoft Exchange Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2023-72230\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Microsoft Exchange Server 2013 Cumulative Update 23",
"Microsoft Exchange Server 2019 Cumulative Update 11",
"Microsoft Exchange Server 2016 Cumulative Update 22",
"Microsoft Exchange Server 2019 Cumulative Update 12",
"Microsoft Exchange Server 2016 Cumulative Update 23"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2022-41079",
"serverity": "\u9ad8",
"submitTime": "2022-11-10",
"title": "Microsoft Exchange Server\u6b3a\u9a97\u6f0f\u6d1e\uff08CNVD-2023-72230\uff09"
}
FKIE_CVE-2022-41079
Vulnerability from fkie_nvd - Published: 2022-11-09 22:15 - Updated: 2024-11-21 07:22
Severity
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | exchange_server | 2013 | |
| microsoft | exchange_server | 2016 | |
| microsoft | exchange_server | 2016 | |
| microsoft | exchange_server | 2019 | |
| microsoft | exchange_server | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
"matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad de Microsoft Exchange Server"
}
],
"id": "CVE-2022-41079",
"lastModified": "2024-11-21T07:22:34.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-11-09T22:15:21.440",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-W5Q7-HJQM-R94F
Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 12:01
VLAI
Details
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2022-41079"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-09T22:15:00Z",
"severity": "HIGH"
},
"details": "Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2022-41078.",
"id": "GHSA-w5q7-hjqm-r94f",
"modified": "2022-11-10T12:01:04Z",
"published": "2022-11-10T12:01:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41079"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41079"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2022-41079
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
Microsoft Exchange Server Spoofing Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-41079",
"id": "GSD-2022-41079"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-41079"
],
"details": "Microsoft Exchange Server Spoofing Vulnerability",
"id": "GSD-2022-41079",
"modified": "2023-12-13T01:19:32.724504Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.02.0",
"version_value": "15.02.1118.020"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.01.0",
"version_value": "15.01.2507.016"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "15.01.2375.037"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.00.0",
"version_value": "15.00.1497.044"
}
]
}
},
{
"product_name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.02.0",
"version_value": "15.02.0986.036"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-41079"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079",
"refsource": "MISC",
"tags": [],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-06-13T17:15Z",
"publishedDate": "2022-11-09T22:15Z"
}
}
}
MSRC_CVE-2022-41079
Vulnerability from csaf_microsoft - Published: 2022-11-08 08:00 - Updated: 2022-12-13 08:00Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
Important
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Customer Action: Required. The vulnerability documented by this CVE requires customer action to resolve.
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2013 Cumulative Update 23 15.00.1497.044
Microsoft Exchange Server 2013 Cumulative Update 23
|
15.00.1497.044 | ||
|
Microsoft Exchange Server 2016 Cumulative Update 22 15.01.2375.037
Microsoft Exchange Server 2016 Cumulative Update 22
|
15.01.2375.037 | ||
|
Microsoft Exchange Server 2019 Cumulative Update 11 15.02.0986.036
Microsoft Exchange Server 2019 Cumulative Update 11
|
15.02.0986.036 | ||
|
Microsoft Exchange Server 2019 Cumulative Update 12 15.02.1118.020
Microsoft Exchange Server 2019 Cumulative Update 12
|
15.02.1118.020 | ||
|
Microsoft Exchange Server 2016 Cumulative Update 23 15.01.2507.016
Microsoft Exchange Server 2016 Cumulative Update 23
|
15.01.2507.016 |
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2016 Cumulative Update 23 <15.01.2507.016
Microsoft Exchange Server 2016 Cumulative Update 23
|
<15.01.2507.016 |
Vendor Fix
fix
|
|
|
Microsoft Exchange Server 2019 Cumulative Update 12 <15.02.1118.020
Microsoft Exchange Server 2019 Cumulative Update 12
|
<15.02.1118.020 |
Vendor Fix
fix
|
|
|
Microsoft Exchange Server 2019 Cumulative Update 11 <15.02.0986.036
Microsoft Exchange Server 2019 Cumulative Update 11
|
<15.02.0986.036 |
Vendor Fix
fix
|
|
|
Microsoft Exchange Server 2016 Cumulative Update 22 <15.01.2375.037
Microsoft Exchange Server 2016 Cumulative Update 22
|
<15.01.2375.037 |
Vendor Fix
fix
|
|
|
Microsoft Exchange Server 2013 Cumulative Update 23 <15.00.1497.044
Microsoft Exchange Server 2013 Cumulative Update 23
|
<15.00.1497.044 |
Vendor Fix
fix
|
Threats
Impact
Spoofing
Exploit Status
Exploited:No;Latest Software Release:Exploitation More Likely
References
7 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/csaf/2022/msrc_cve-202… | self |
| https://www.microsoft.com/en-us/msrc/exploitabili… | external |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
| https://msrc.microsoft.com/update-guide/vulnerabi… | self |
Acknowledgments
Piotr Bazydlo (@chudypb) of <a href="https://www.zerodayinitiative.com/">Trend Micro Zero Day Initiative</a>
<a href="https://github.com/zcgonvh">zcgonvh</a> with 360 noah lab
{
"document": {
"acknowledgments": [
{
"names": [
"Piotr Bazydlo (@chudypb) of \u003ca href=\"https://www.zerodayinitiative.com/\"\u003eTrend Micro Zero Day Initiative\u003c/a\u003e"
]
},
{
"names": [
"\u003ca href=\"https://github.com/zcgonvh\"\u003ezcgonvh\u003c/a\u003e with 360 noah lab"
]
}
],
"aggregate_severity": {
"namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
},
{
"category": "general",
"text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
"title": "Customer Action"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"category": "self",
"summary": "CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/csaf/2022/msrc_cve-2022-41079.json"
},
{
"category": "external",
"summary": "Microsoft Exploitability Index",
"url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability",
"tracking": {
"current_release_date": "2022-12-13T08:00:00.000Z",
"generator": {
"date": "2025-01-02T21:31:19.557Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-41079",
"initial_release_date": "2022-11-08T08:00:00.000Z",
"revision_history": [
{
"date": "2022-11-08T08:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2022-11-15T08:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added acknowledgements. This is an informational change only."
},
{
"date": "2022-12-13T08:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Updated FAQ information. This is an informational change only."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.02.1118.020",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 12 \u003c15.02.1118.020",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "15.02.1118.020",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 12 15.02.1118.020",
"product_id": "12038"
}
}
],
"category": "product_name",
"name": "Microsoft Exchange Server 2019 Cumulative Update 12"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.01.2507.016",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 23 \u003c15.01.2507.016",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "15.01.2507.016",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 23 15.01.2507.016",
"product_id": "12039"
}
}
],
"category": "product_name",
"name": "Microsoft Exchange Server 2016 Cumulative Update 23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.01.2375.037",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 22 \u003c15.01.2375.037",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "15.01.2375.037",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 22 15.01.2375.037",
"product_id": "11956"
}
}
],
"category": "product_name",
"name": "Microsoft Exchange Server 2016 Cumulative Update 22"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.00.1497.044",
"product": {
"name": "Microsoft Exchange Server 2013 Cumulative Update 23 \u003c15.00.1497.044",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "15.00.1497.044",
"product": {
"name": "Microsoft Exchange Server 2013 Cumulative Update 23 15.00.1497.044",
"product_id": "11682"
}
}
],
"category": "product_name",
"name": "Microsoft Exchange Server 2013 Cumulative Update 23"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.02.0986.036",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 11 \u003c15.02.0986.036",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "15.02.0986.036",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 11 15.02.0986.036",
"product_id": "11957"
}
}
],
"category": "product_name",
"name": "Microsoft Exchange Server 2019 Cumulative Update 11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41079",
"notes": [
{
"category": "general",
"text": "Microsoft",
"title": "Assigning CNA"
},
{
"category": "faq",
"text": "This vulnerability\u0027s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require machine-in-the-middle (MITM) type setups or that rely on initially gaining a foothold in another environment.",
"title": "According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?"
},
{
"category": "faq",
"text": "Exploiting this vulnerability could allow the disclosure of NTLM hashes.",
"title": "What type of information could be disclosed by this vulnerability?"
},
{
"category": "faq",
"text": "Yes, the attacker must be authenticated.",
"title": "According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?"
},
{
"category": "faq",
"text": "If the attack is successful it could lead to a NTLM relay allowing for controls that would be able to block availability of a resource.",
"title": "According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of availability (A:H)? What does that mean for this vulnerability?"
}
],
"product_status": {
"fixed": [
"11682",
"11956",
"11957",
"12038",
"12039"
],
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability - HTML",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
},
{
"category": "self",
"summary": "CVE-2022-41079 Microsoft Exchange Server Spoofing Vulnerability - CSAF",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "15.02.1118.020:Security Update:https://support.microsoft.com/help/5019758",
"product_ids": [
"2"
],
"url": "https://support.microsoft.com/help/5019758"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "15.01.2507.016:Security Update:https://support.microsoft.com/help/5019758",
"product_ids": [
"1"
],
"url": "https://support.microsoft.com/help/5019758"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "15.01.2375.037:Security Update:https://support.microsoft.com/help/5019758",
"product_ids": [
"4"
],
"url": "https://support.microsoft.com/help/5019758"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "15.00.1497.044:Security Update:https://support.microsoft.com/help/5019758",
"product_ids": [
"5"
],
"url": "https://support.microsoft.com/help/5019758"
},
{
"category": "vendor_fix",
"date": "2022-11-08T08:00:00.000Z",
"details": "15.02.0986.036:Security Update:https://support.microsoft.com/help/5019758",
"product_ids": [
"3"
],
"url": "https://support.microsoft.com/help/5019758"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"exploitCodeMaturity": "UNPROVEN",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"remediationLevel": "OFFICIAL_FIX",
"reportConfidence": "CONFIRMED",
"scope": "UNCHANGED",
"temporalScore": 7.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"threats": [
{
"category": "impact",
"details": "Spoofing"
},
{
"category": "exploit_status",
"details": "Exploited:No;Latest Software Release:Exploitation More Likely"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
]
}
WID-SEC-W-2022-1980
Vulnerability from csaf_certbund - Published: 2022-11-08 23:00 - Updated: 2022-12-20 23:00Summary
Microsoft Exchange Server: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Microsoft Exchange Server ist das Serverprodukt für das Client-Server Groupware- und Nachrichtensystem der Firma Microsoft.
Angriff: Ein entfernter, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen im Microsoft Exchange Server ausnutzen, um seine Privilegien zu erhöhen und Informationen falsch darzustellen.
Betroffene Betriebssysteme: - Windows
Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_22
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_11
|
— | |
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft
|
cpe:/a:microsoft:exchange_server_2013::cumulative_update_23
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_12
|
— | |
|
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_23
|
— |
Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_22
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_11
|
— | |
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft
|
cpe:/a:microsoft:exchange_server_2013::cumulative_update_23
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_12
|
— | |
|
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_23
|
— |
Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_22
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_11
|
— | |
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft
|
cpe:/a:microsoft:exchange_server_2013::cumulative_update_23
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_12
|
— | |
|
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_23
|
— |
Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen.
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_22
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_11
|
— | |
|
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft
|
cpe:/a:microsoft:exchange_server_2013::cumulative_update_23
|
— | |
|
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft / Exchange Server 2019
|
cpe:/a:microsoft:exchange_server_2019:cumulative_update_12
|
— | |
|
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft / Exchange Server 2016
|
cpe:/a:microsoft:exchange_server_2016:cumulative_update_23
|
— |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft Exchange Server ist das Serverprodukt f\u00fcr das Client-Server Groupware- und Nachrichtensystem der Firma Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen im Microsoft Exchange Server ausnutzen, um seine Privilegien zu erh\u00f6hen und Informationen falsch darzustellen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1980 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1980.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1980 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1980"
},
{
"category": "external",
"summary": "CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations vom 2022-12-20",
"url": "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2022-11-08",
"url": "https://msrc.microsoft.com/update-guide"
}
],
"source_lang": "en-US",
"title": "Microsoft Exchange Server: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2022-12-20T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:37:40.176+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2022-1980",
"initial_release_date": "2022-11-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2022-11-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-12-20T23:00:00.000+00:00",
"number": "2",
"summary": "Exploit aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product_id": "T014545",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:exchange_server_2013::cumulative_update_23"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product_id": "T021028",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:exchange_server_2016:cumulative_update_22"
}
}
},
{
"category": "product_name",
"name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product": {
"name": "Microsoft Exchange Server 2016 Cumulative Update 23",
"product_id": "T023152",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:exchange_server_2016:cumulative_update_23"
}
}
}
],
"category": "product_name",
"name": "Exchange Server 2016"
},
{
"branches": [
{
"category": "product_name",
"name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product_id": "T021027",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:exchange_server_2019:cumulative_update_11"
}
}
},
{
"category": "product_name",
"name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product": {
"name": "Microsoft Exchange Server 2019 Cumulative Update 12",
"product_id": "T023151",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:exchange_server_2019:cumulative_update_12"
}
}
}
],
"category": "product_name",
"name": "Exchange Server 2019"
}
],
"category": "vendor",
"name": "Microsoft"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-41078",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T021028",
"T021027",
"T014545",
"T023151",
"T023152"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-41078"
},
{
"cve": "CVE-2022-41079",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T021028",
"T021027",
"T014545",
"T023151",
"T023152"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-41079"
},
{
"cve": "CVE-2022-41080",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T021028",
"T021027",
"T014545",
"T023151",
"T023152"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-41080"
},
{
"cve": "CVE-2022-41123",
"notes": [
{
"category": "description",
"text": "Es existieren mehrere Schwachstellen in verschiedenen Versionen des Microsoft Exchange Servers, die noch nicht im Detail beschrieben sind. Ein entfernter authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern und Informationen falsch darzustellen."
}
],
"product_status": {
"known_affected": [
"T021028",
"T021027",
"T014545",
"T023151",
"T023152"
]
},
"release_date": "2022-11-08T23:00:00.000+00:00",
"title": "CVE-2022-41123"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…