Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36050

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 14 November 2023

Summary

The susceptibility in Microsoft Exchange Server allows attackers to exploit spoofing techniques, potentially leading to unauthorized access and manipulation of email communications. These vulnerabilities could enable malicious actors to impersonate legitimate users, raising significant security risks for organizations relying on this email server. Addressing this flaw is crucial for maintaining the integrity and confidentiality of organizational communications.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.035

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.040

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.028

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Jun 20, 2023