Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36039

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 14 November 2023

Summary

The spoofing vulnerability in Microsoft Exchange Server allows attackers to send emails that appear to come from legitimate sources, potentially leading to unauthorized access and exploitation of sensitive information. By leveraging this vulnerability, malicious actors can impersonate trusted users, circumvent email security measures, and compromise the integrity of communications within an organization.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.035

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.040

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.028

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 20, 2023