CVE-2023-21762 — Deserialization of Untrusted Data in Microsoft Exchange Server 2013 Cumulative Update 23

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

8.0HIGHCNA

No vector

EPSS

0.4%

top 39.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 11 +1 more

Timeline

PublishedJan 10

Latest updateJan 11

Description

Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability

Affected Packages4 packages

▶CVEListV5microsoft/microsoft_exchange_server_2013_cumulative_update_2315.00.0 — 15.00.1497.045

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2315.01.0 — 15.01.2507.017

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1115.02.0 — 15.02.0986.037

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1215.02.0 — 15.02.1118.021

🔴Vulnerability Details

2

GHSA

GHSA-r79h-xwx8-4h7h: Microsoft Exchange Server Spoofing Vulnerability↗2023-01-11

▶

CVEList

Microsoft Exchange Server Spoofing Vulnerability↗2023-01-10

▶

📋Vendor Advisories

1

Microsoft

Microsoft Exchange Server Spoofing Vulnerability↗2023-01-10

▶

CVE-2023-21762 — Deserialization of Untrusted Data | cvebase