CVE-2021-28482

9 documents8 sources

Severity

8.8HIGH

EPSS

81.4%

top 0.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Microsoft Exchange Server 2016 Cumulative Update 20 +3 more

Timeline

PublishedApr 13

Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — 15.02.0792.013

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_915.02.0 — 15.02.0858.010

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.015

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — 15.01.2176.012

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2015.01.0 — 15.01.2242.008

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5w74-wv2v-34cm: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28483↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-04-13

▶

VulnCheck

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021

▶

🔍Detection Rules

Suricata

ET EXPLOIT Microsoft Exchange RCE Setup Inbound (CVE-2021-28482)↗2021-05-04

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-04-13

▶