CVE-2021-27078

10 documents7 sources

Severity

7.2HIGH

EPSS

23.3%

top 4.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 18 Microsoft Microsoft Exchange Server 2016 Cumulative Update 19 +3 more

Timeline

PublishedMar 3

Latest updateOct 21

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_715.02.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1815.01.0 — publication

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

linux-aws vulnerabilities↗2025-10-21

▶

OSV

linux-aws, linux-lts-xenial vulnerabilities↗2025-10-02

▶

OSV

linux, linux-kvm vulnerabilities↗2025-10-02

▶

GHSA

GHSA-5rg7-hgww-7chr: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-2685↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-02

▶

💥Exploits & PoCs

Nuclei

Microsoft Exchange Server SSRF Vulnerability

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-03-09

▶