Microsoft Exchange Server 2019 Cumulative Update 3 vulnerabilities
8 known vulnerabilities affecting microsoft/microsoft_exchange_server_2019_cumulative_update_3.
Total CVEs
8
CISA KEV
5
actively exploited
Public exploits
3
Exploited in wild
5
Severity breakdown
CRITICAL2HIGH5MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-26855CRITICALCVSS 9.8KEVPoC≥ 15.02.0, < publication2021-03-03
CVE-2021-26855 [CRITICAL] CWE-918 CVE-2021-26855: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2021-26857HIGHCVSS 7.8KEV≥ 15.02.0, < publication2021-03-03
CVE-2021-26857 [HIGH] CWE-502 CVE-2021-26857: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2021-27065HIGHCVSS 7.8KEVPoC≥ 15.02.0, < publication2021-03-03
CVE-2021-27065 [HIGH] CWE-22 CVE-2021-27065: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2021-26858HIGHCVSS 7.8KEV≥ 15.02.0, < publication2021-03-03
CVE-2021-26858 [HIGH] CVE-2021-26858: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2020-0903MEDIUMCVSS 5.4vunspecified2020-03-12
CVE-2020-0903 [MEDIUM] CWE-79 CVE-2020-0903: A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly s
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
cvelistv5nvd
CVE-2020-0688HIGHCVSS 8.8KEVPoCvunspecified2020-02-11
CVE-2020-0688 [HIGH] CWE-287 CVE-2020-0688: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
cvelistv5nvd
CVE-2020-0692HIGHCVSS 8.1vunspecified2020-02-11
CVE-2020-0692 [HIGH] CVE-2020-0692: An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-1373CRITICALCVSS 9.8vunspecified2019-11-12
CVE-2019-1373 [CRITICAL] CWE-502 CVE-2019-1373: A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of me
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
cvelistv5nvd