CVE-2023-21745 — Deserialization of Untrusted Data in Microsoft Exchange Server 2016 Cumulative Update 23

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.0HIGHCNA

No vector

EPSS

0.4%

top 39.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 Microsoft Exchange Server 2019 Cumulative Update 12

Timeline

PublishedJan 10

Latest updateJan 11

Description

Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2315.01.0 — 15.01.2507.017

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1115.02.0 — 15.02.0986.037

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1215.02.0 — 15.02.1118.021

🔴Vulnerability Details

2

GHSA

GHSA-x5p9-xxf9-9475: Microsoft Exchange Server Spoofing Vulnerability↗2023-01-11

▶

CVEList

Microsoft Exchange Server Spoofing Vulnerability↗2023-01-10

▶

📋Vendor Advisories

1

Microsoft

Microsoft Exchange Server Spoofing Vulnerability↗2023-01-10

▶

CVE-2023-21745 — Deserialization of Untrusted Data | cvebase