Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-31195

CWE-2905 documents5 sources
Severity
8.8HIGH
EPSS
77.6%
top 1.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Microsoft Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Microsoft Exchange Server 2016 Cumulative Update 20+3 more
Timeline
PublishedMay 11
Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-w3mg-g64h-4h34: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-311982022-05-24
CVEList
Microsoft Exchange Server Remote Code Execution Vulnerability2021-05-11

💥Exploits & PoCs

1
Nuclei
Microsoft Exchange Server - Cross-Site Scripting

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Server Remote Code Execution Vulnerability2021-05-11
CVE-2021-31195 (HIGH CVSS 8.8) | Microsoft Exchange Server Remote Co | cvebase.io