CVE-2021-1730

4 documents4 sources

Severity

5.4MEDIUM

EPSS

2.0%

top 16.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server 2016 Cumulative Update 18 Microsoft Microsoft Exchange Server 2019 Cumulative Update 7 Microsoft Exchange Server

Timeline

PublishedFeb 25

Latest updateMay 24

Description

A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_715.02.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1815.01.0 — publication

▶NVDmicrosoft/exchange_server2016, 2019+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-mp5r-32pv-q987: Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-24085↗2022-05-24

▶

CVEList

Microsoft Exchange Server Spoofing Vulnerability↗2021-02-25

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Spoofing Vulnerability↗2021-02-09

▶