CVE Details
ID CVE-2021-26854
Summary Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*
    cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 09-03-2021 - 17:47)
Impact: 6.4
Exploitability:8.0
CWE NVD-CWE-noinfo
CAPEC Click the CAPEC title to display a description
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
CVSS v3.1
Base: 7.2 (as of 09-03-2021 - 17:47)
Impact: 5.9
Exploitability:1.2
Exploitability v3.1
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK HIGH UNCHANGED NONE
Impact v3.1
ConfidentialityIntegrityAvailability
HIGH HIGH HIGH
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
cvss3-vector via4 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Last major update 09-03-2021 - 17:47
Published 03-03-2021 - 00:15
Last modified 09-03-2021 - 17:47
Back to Top