Microsoft Exchange Server 2016 Cumulative Update 23 vulnerabilities
62 known vulnerabilities affecting microsoft/microsoft_exchange_server_2016_cumulative_update_23.
Total CVEs
62
CISA KEV
6
actively exploited
Public exploits
4
Exploited in wild
7
Severity breakdown
CRITICAL3HIGH44MEDIUM15
Vulnerabilities
Page 1 of 4
CVE-2022-41040P1HIGHCVSS 8.8KEVPoCRansomware≥ 15.01.0, < 15.01.2507.0162022-10-03
CVE-2022-41040 [HIGH] CWE-918 CVE-2022-41040: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2022-41082P1HIGHCVSS 8.0KEVPoCRansomware≥ 15.01.0, < 15.01.2507.0162022-10-03
CVE-2022-41082 [HIGH] CWE-502 CVE-2022-41082: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2022-41080P1CRITICALCVSS 9.8KEVPoCRansomware≥ 15.01.0, < 15.01.2507.0162022-11-09
CVE-2022-41080 [CRITICAL] CVE-2022-41080: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2023-21529P1HIGHCVSS 8.8KEVRansomware≥ 15.01.0, < 15.01.2507.0212023-02-14
CVE-2023-21529 [HIGH] CWE-502 CVE-2023-21529: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2026-42897P1MEDIUMCVSS 6.1KEVPoC≥ 15.01.0.0, < 15.01.2507.0692026-05-14
CVE-2026-42897 [MEDIUM] CWE-79 CVE-2026-42897: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ex
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2024-21410P1CRITICALCVSS 9.8KEV≥ 15.01.0, < 15.01.2507.0372024-02-13
CVE-2024-21410 [CRITICAL] CWE-287 CVE-2024-21410: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2023-36745P1HIGHCVSS 8.0Exploited≥ 15.01.0, < 15.01.2507.0322023-09-12
CVE-2023-36745 [HIGH] CWE-502 CVE-2023-36745: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-32031P2HIGHCVSS 8.8≥ 15.01.0, < 15.01.2507.0272023-06-14
CVE-2023-32031 [HIGH] CWE-502 CVE-2023-32031: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-21707P2HIGHCVSS 8.8≥ 15.01.0, < 15.01.2507.0232023-02-14
CVE-2023-21707 [HIGH] CWE-502 CVE-2023-21707: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36744P2HIGHCVSS 8.0≥ 15.01.0, < 15.01.2507.0322023-09-12
CVE-2023-36744 [HIGH] CWE-502 CVE-2023-36744: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-36756P2HIGHCVSS 8.0≥ 15.01.0, < 15.01.2507.0322023-09-12
CVE-2023-36756 [HIGH] CWE-502 CVE-2023-36756: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2025-59249P2HIGHCVSS 8.8≥ 15.01.0.0, < 15.01.2507.0612025-10-14
CVE-2025-59249 [HIGH] CWE-1390 CVE-2025-59249: Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2023-28310P3HIGHCVSS 8.0≥ 15.01.0, < 15.01.2507.0272023-06-14
CVE-2023-28310 [HIGH] CWE-502 CVE-2023-28310: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-21706P2HIGHCVSS 8.8≥ 15.01.0, < 15.01.2507.0212023-02-14
CVE-2023-21706 [HIGH] CWE-502 CVE-2023-21706: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2024-26198P3HIGHCVSS 8.8≥ 15.01.0, < 15.01.2507.0392024-03-12
CVE-2024-26198 [HIGH] CWE-426 CVE-2024-26198: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2023-38185P3HIGHCVSS 8.8≥ 15.01.0, < 15.01.2507.0322023-08-08
CVE-2023-38185 [HIGH] CWE-23 CVE-2023-38185: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
CVE-2026-45504P3HIGHCVSS 8.8≥ 15.01.0.0, < 15.01.2507.0692026-06-09
CVE-2026-45504 [HIGH] CWE-918 CVE-2026-45504: Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to ele
Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2023-21709P3CRITICALCVSS 9.8≥ 15.01.0, < 15.01.2507.0322023-08-08
CVE-2023-21709 [CRITICAL] CWE-307 CVE-2023-21709: Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
nvd
CVE-2023-36777P3MEDIUMCVSS 5.7≥ 15.01.0, < 15.01.2507.0322023-09-12
CVE-2023-36777 [MEDIUM] CWE-502 CVE-2023-36777: Microsoft Exchange Server Information Disclosure Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
nvd
CVE-2023-35388P3HIGHCVSS 8.0≥ 15.01.0, < 15.01.2507.0322023-08-08
CVE-2023-35388 [HIGH] CWE-502 CVE-2023-35388: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
nvd
1 / 4Next →