CVE-2021-26412 — Microsoft Exchange Server 2013 Cumulative Update 23 vulnerability

7 documents6 sources

Severity

7.2HIGHNVD

CNA9.1

EPSS

18.7%

top 4.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 18 Microsoft Exchange Server 2016 Cumulative Update 19 +3 more

Timeline

PublishedMar 3

Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_715.02.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1815.01.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xc64-jf3q-gg7j: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-2685↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-02

▶

💥Exploits & PoCs

Nuclei

Microsoft Exchange Server SSRF Vulnerability

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-09

▶