Spoofing Vulnerability Affects Microsoft Exchange Server
CVE-2023-21745

8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft Exchange Server 2019 Cumulative Update 11
Vendor
CVE Published:
10 January 2023

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

Microsoft Exchange Server Spoofing Vulnerability

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.017

Microsoft Exchange Server 2019 Cumulative Update 11 x64-based Systems 15.02.0 < 15.02.0986.037

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.021

News Articles

favicon imageBornCity

Exchange Server Security Updates (January 10, 2023)

[German]Microsoft has released security updates for Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 as of January 10, 2023. These security updates close two vulnerabilities (Elevation of Privilege and Spoofing) in this software. These updates should be installed on systems in a t...

8 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by BornCity

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.