⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-41349Microsoft Exchange Server 2013 Cumulative Update 23 vulnerability

5 documents5 sources
Severity
6.5MEDIUMCNA
No vector
EPSS
91.1%
top 0.36%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 21Microsoft Exchange Server 2016 Cumulative Update 22+2 more
Timeline
PublishedNov 10
Latest updateMay 24

Description

Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability

Affected Packages5 packages

🔴Vulnerability Details

3
GHSA
GHSA-xjg9-924r-39mj: Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-423052022-05-24
CVEList
Microsoft Exchange Server Spoofing Vulnerability2021-11-10
VulnCheck
Microsoft Exchange Server Spoofing Vulnerability2021

💥Exploits & PoCs

1
Nuclei
Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting

📋Vendor Advisories

1
Microsoft
Microsoft Exchange Server Spoofing Vulnerability2021-11-09
CVE-2021-41349 — Microsoft vulnerability | cvebase