Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36035

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 14 November 2023

Summary

A spoofing vulnerability in Microsoft Exchange Server enables attackers to impersonate legitimate users, potentially leading to unauthorized access and manipulation of sensitive information. This vulnerability could be exploited without user interaction, making timely updates and patches crucial for maintaining secure communications within organizations. For more details and remediation steps, please refer to the official Microsoft advisory.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.035

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.040

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.028

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 20, 2023