CVE-2021-31198

CWE-20 — Improper Input Validation CWE-94 — Code Injection CWE-77 — Command Injection4 documents4 sources

Severity

7.8HIGH

EPSS

4.0%

top 11.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

6

Microsoft Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Microsoft Exchange Server 2016 Cumulative Update 19 Microsoft Microsoft Exchange Server 2016 Cumulative Update 20 +3 more

Timeline

PublishedMay 11

Latest updateMay 24

Description

Microsoft Exchange Server Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_815.02.0 — 15.02.0792.015

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_915.02.0 — 15.02.0858.012

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.018

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_1915.01.0 — 15.01.2176.014

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2015.01.0 — 15.01.2242.010

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-q258-48f4-r94w: Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31195↗2022-05-24

▶

CVEList

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-05-11

▶

📋Vendor Advisories

1

Microsoft

Microsoft Exchange Server Remote Code Execution Vulnerability↗2021-05-11

▶

CVE-2021-31198 (HIGH CVSS 7.8) | Microsoft Exchange Server Remote Co | cvebase.io