CVE-2021-26857: Microsoft Exchange Server Remote Code Execution Vulnerability

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-05-03

Exploited in the wild

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected

52 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	exchange_server	—	—
microsoft	exchange_server	—	—
microsoft	exchange_server	—	—
microsoft	exchange_server	—	—
microsoft	microsoft_exchange_server_2010_service_pack_3	>= 14.0.0.0 < publication	publication
microsoft	microsoft_exchange_server_2013_cumulative_update_21	>= 15.00.0 < publication	publication
microsoft	microsoft_exchange_server_2013_cumulative_update_22	>= 15.00.0 < publication	publication
microsoft	microsoft_exchange_server_2013_cumulative_update_23	>= 15.00.0 < publication	publication
microsoft	microsoft_exchange_server_2013_service_pack_1	>= 15.00.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_10	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_11	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_12	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_13	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_14	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_15	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_16	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_17	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_18	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_19	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_8	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2016_cumulative_update_9	>= 15.01.0 < publication	publication
microsoft	microsoft_exchange_server_2019	>= 15.02.0 < publication	publication
microsoft	microsoft_exchange_server_2019_cumulative_update_1	>= 15.02.0 < publication	publication
microsoft	microsoft_exchange_server_2019_cumulative_update_2	>= 15.02.0 < publication	publication
microsoft	microsoft_exchange_server_2019_cumulative_update_3	>= 15.02.0 < publication	publication

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

vulncheck7.8HIGH

cisa7.8HIGH