Remote Code Execution Vulnerability Affects Microsoft Exchange Server
CVE-2024-26198
Key Information:
- Vendor
- Microsoft
- Status
- Vendor
- CVE Published:
- 12 March 2024
Badges
Summary
The vulnerability in Microsoft Exchange Server allows attackers to execute arbitrary code with elevated privileges. This results from improper input validation, enabling unauthorized actions on the affected system. Attackers could exploit this flaw through specially crafted requests, posing significant risks to data integrity and security. Organizations using vulnerable versions of Exchange Server should prioritize applying the necessary security updates to mitigate potential exploits.
Affected Version(s)
Microsoft Exchange Server 2016 Cumulative Update 23 x64-based Systems 15.01.0 < 15.01.2507.039
Microsoft Exchange Server 2019 Cumulative Update 13 x64-based Systems 15.02.0 < 15.02.1544.011
Microsoft Exchange Server 2019 Cumulative Update 14 x64-based Systems 15.02.0 < 15.02.1258.034
News Articles
Help Net SecurityReferences
CVSS V3.1
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
- π°
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved