Microsoft Exchange Server Spoofing Vulnerability
CVE-2023-36757

8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Exchange Server 2016 Cumulative Update 23; Microsoft Exchange Server 2019 Cumulative Update 12; Microsoft Exchange Server 2019 Cumulative Update 13
Vendor: CVE Published:; 12 September 2023

Summary

A spoofing vulnerability exists in Microsoft Exchange Server. This flaw allows an attacker to impersonate another user, potentially leading to unauthorized access to email accounts and sensitive information. Organizations that rely on Microsoft Exchange Server for their communications should prioritize implementing security measures to mitigate the risks associated with this vulnerability. For more information and remediation guidance, refer to the official advisory from Microsoft.

Affected Version(s)

Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.032

Microsoft Exchange Server 2019 Cumulative Update 12 x64-based Systems 15.02.0 < 15.02.1118.037

Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1258.025

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Jun 27, 2023