CVE-2021-28483

7 documents6 sources

Severity

9.0CRITICAL

EPSS

0.6%

top 31.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Microsoft Exchange Server 2016 Cumulative Update 20 +3 more

Timeline

PublishedApr 13

Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — 15.02.0792.013

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_915.02.0 — 15.02.0858.010

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.015

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — 15.01.2176.012

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2015.01.0 — 15.01.2242.008

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-r36c-4fw5-xj49: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-28480, CVE-2021-28481, CVE-2021-28482↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-04-13

▶

📋Vendor Advisories

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-04-13

▶