CVE-2023-36039 — Deserialization of Untrusted Data in Microsoft Exchange Server 2016 Cumulative Update 23

CWE-502 — Deserialization of Untrusted Data2 documents2 sources

Severity

8.0HIGHCNA

No vector

EPSS

4.1%

top 11.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Microsoft Exchange Server 2016 Cumulative Update 23 Microsoft Exchange Server 2019 Cumulative Update 12 Microsoft Exchange Server 2019 Cumulative Update 13

Timeline

PublishedNov 14

Description

Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Spoofing Vulnerability

Affected Packages3 packages

▶CVEListV5microsoft/microsoft_exchange_server_2016_cumulative_update_2315.01.0 — 15.01.2507.035

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1215.02.0 — 15.02.1118.040

▶CVEListV5microsoft/microsoft_exchange_server_2019_cumulative_update_1315.02.0 — 15.02.1258.028

🔴Vulnerability Details

1

CVEList

Microsoft Exchange Server Spoofing Vulnerability↗2023-11-14

▶

📋Vendor Advisories

1

Microsoft

Microsoft Exchange Server Spoofing Vulnerability↗2023-11-14

▶

CVE-2023-36039 — Deserialization of Untrusted Data | cvebase