Vulnerabilites related to Microsoft - Microsoft Exchange Server 2019 Cumulative Update 13
cve-2024-21410
Vulnerability from cvelistv5
Published
2024-02-13 18:02
Modified
2024-12-31 18:51
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21410", options: [ { Exploitation: "Active", }, { Automatable: "Yes", }, { "Technical Impact": "Total", }, ], role: "CISA Coordinator", timestamp: "2024-02-15T05:15:55.675675Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2024-02-15", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21410", }, type: "kev", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:37:41.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.037", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.2.1544.004", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "15.2.1544.004", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.037", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.2.1544.004", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*", versionEndExcluding: "15.2.1544.004", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-02-13T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-287", description: "CWE-287: Improper Authentication", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T18:51:49.904Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21410", datePublished: "2024-02-13T18:02:48.590Z", dateReserved: "2023-12-08T22:45:21.299Z", dateUpdated: "2024-12-31T18:51:49.904Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49040
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.039 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49040", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:23:46.078959Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.529Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.039", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "15.02.1544.014", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.044", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.039", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*", versionEndExcluding: "15.02.1544.014", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.044", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-451", description: "CWE-451: User Interface (UI) Misrepresentation of Critical Information", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:56.090Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49040", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49040", datePublished: "2024-11-12T17:53:54.655Z", dateReserved: "2024-10-11T20:57:49.186Z", dateUpdated: "2025-01-30T00:09:56.090Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36757
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.032 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.088Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36757", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:39.627696Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:42.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:22.716Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36757", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36757", datePublished: "2023-09-12T16:58:30.805Z", dateReserved: "2023-06-27T15:11:59.867Z", dateUpdated: "2025-02-27T20:54:42.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36778
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.027 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:08.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36778", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:47.918947Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:24.461Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.027", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.039", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.034", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.027", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.039", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.034", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:43.655Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36778", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36778", datePublished: "2023-10-10T17:08:12.082Z", dateReserved: "2023-06-27T15:11:59.870Z", dateUpdated: "2025-04-14T22:46:43.655Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35388
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:23:59.697Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35388", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:35.992782Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:21.288Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:12.631Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35388", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-35388", datePublished: "2023-08-08T17:08:53.722Z", dateReserved: "2023-06-14T23:09:47.638Z", dateUpdated: "2025-02-27T21:06:21.288Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36745
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36745", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:25.415733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:31.290Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:23.901Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36745", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36745", datePublished: "2023-09-12T16:58:31.857Z", dateReserved: "2023-06-26T13:29:45.609Z", dateUpdated: "2025-02-27T20:54:31.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36777
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:53
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36777", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:41.553345Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:53:50.174Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:39.256Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36777", }, ], title: "Microsoft Exchange Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36777", datePublished: "2023-09-12T16:58:41.822Z", dateReserved: "2023-06-27T15:11:59.870Z", dateUpdated: "2025-02-27T20:53:50.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36035
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-04-29 23:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.208Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36035", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:09:25.429224Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T15:57:11.405Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T23:34:42.837Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36035", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36035", datePublished: "2023-11-14T17:57:34.325Z", dateReserved: "2023-06-20T20:44:39.826Z", dateUpdated: "2025-04-29T23:34:42.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36756
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.032 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36756", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:36.824363Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:36.639Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:23.287Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36756", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36756", datePublished: "2023-09-12T16:58:31.333Z", dateReserved: "2023-06-27T15:11:59.867Z", dateUpdated: "2025-02-27T20:54:36.639Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36744
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-02-27 20:54
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36744", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:23.166270Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:54:25.787Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-09-12T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:04:24.467Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36744", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36744", datePublished: "2023-09-12T16:58:32.372Z", dateReserved: "2023-06-26T13:29:45.609Z", dateUpdated: "2025-02-27T20:54:25.787Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38181
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.166Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38181", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:33.271675Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:09.342Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:14.859Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38181", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38181", datePublished: "2023-08-08T17:08:55.897Z", dateReserved: "2023-07-12T23:41:45.867Z", dateUpdated: "2025-02-27T21:06:09.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36439
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-04-29 23:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-36439", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-11-17T16:09:59.642451Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-18T21:00:35.123Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T23:34:14.294Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36439", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36439", datePublished: "2023-11-14T17:57:17.367Z", dateReserved: "2023-06-21T15:14:27.789Z", dateUpdated: "2025-04-29T23:34:14.294Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35368
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:23:59.698Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35368", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:54:01.823395Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:09:10.272Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:33.278Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35368", }, ], title: "Microsoft Exchange Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-35368", datePublished: "2023-08-08T17:08:18.275Z", dateReserved: "2023-06-14T23:09:47.636Z", dateUpdated: "2025-02-27T21:09:10.272Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28310
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.027 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T12:38:23.798Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-28310", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:08.458672Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:21.216Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.016", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.016", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:29.715Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28310", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-28310", datePublished: "2023-06-14T14:52:08.662Z", dateReserved: "2023-03-13T22:23:36.191Z", dateUpdated: "2025-02-28T21:09:21.216Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38185
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.167Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38185", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:50.935699Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:43.934Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-23", description: "CWE-23: Relative Path Traversal", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:59.147Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38185", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38185", datePublished: "2023-08-08T17:08:41.686Z", dateReserved: "2023-07-12T23:41:45.869Z", dateUpdated: "2025-02-27T21:07:43.934Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-32031
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.030 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32031", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:05.791874Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:15.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.030", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.027", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.016", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.030", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.027", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.016", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-13T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:38.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32031", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32031", datePublished: "2023-06-14T14:52:14.606Z", dateReserved: "2023-05-01T15:34:52.133Z", dateUpdated: "2025-02-28T21:09:15.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36039
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-04-29 23:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 |
Version: 15.01.0 < 15.01.2507.035 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.218Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36039", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:11:59.763520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T16:05:45.336Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T23:34:39.915Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36039", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36039", datePublished: "2023-11-14T17:57:30.641Z", dateReserved: "2023-06-20T20:44:39.828Z", dateUpdated: "2025-04-29T23:34:39.915Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21709
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.037 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.165Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21709", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:51:01.605859Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:14.157Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-307", description: "CWE-307: Improper Restriction of Excessive Authentication Attempts", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:58:32.494Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21709", }, ], title: "Microsoft Exchange Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21709", datePublished: "2023-08-08T17:08:46.247Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-02-27T21:07:14.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26198
Vulnerability from cvelistv5
Published
2024-03-12 16:57
Modified
2024-12-31 20:19
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 14 |
Version: 15.02.0 < 15.02.1258.034 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26198", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-12T18:36:00.911352Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-12T18:20:35.044Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:59:32.686Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 14", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.034", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1544.011", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.039", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_14:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.034", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1544.011", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.039", versionStartIncluding: "15.01.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-03-12T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T20:19:19.573Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26198", datePublished: "2024-03-12T16:57:53.504Z", dateReserved: "2024-02-14T22:23:54.102Z", dateUpdated: "2024-12-31T20:19:19.573Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38182
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:06
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 |
Version: 15.02.0 < 15.02.1258.025 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38182", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:34.546069Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:06:14.694Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.025", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.032", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.037", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.025", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.032", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.037", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:14.318Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38182", }, ], title: "Microsoft Exchange Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38182", datePublished: "2023-08-08T17:08:55.358Z", dateReserved: "2023-07-12T23:41:45.867Z", dateUpdated: "2025-02-27T21:06:14.694Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36050
Vulnerability from cvelistv5
Published
2023-11-14 17:57
Modified
2025-04-29 23:34
Severity ?
EPSS score ?
Summary
Microsoft Exchange Server Spoofing Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Exchange Server 2019 Cumulative Update 12 |
Version: 15.02.0 < 15.02.1118.040 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:41.387Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36050", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T17:17:22.952704Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T16:07:09.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 12", vendor: "Microsoft", versions: [ { lessThan: "15.02.1118.040", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2016 Cumulative Update 23", vendor: "Microsoft", versions: [ { lessThan: "15.01.2507.035", status: "affected", version: "15.01.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft Exchange Server 2019 Cumulative Update 13", vendor: "Microsoft", versions: [ { lessThan: "15.02.1258.028", status: "affected", version: "15.02.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_12:*:*:*:*:*:*", versionEndExcluding: "15.02.1118.040", versionStartIncluding: "15.02.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_23:*:*:*:*:*:*", versionEndExcluding: "15.01.2507.035", versionStartIncluding: "15.01.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:exchange_server:*:cumulative_update_13:*:*:*:*:*:*", versionEndExcluding: "15.02.1258.028", versionStartIncluding: "15.02.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-11-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft Exchange Server Spoofing Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T23:34:39.373Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft Exchange Server Spoofing Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36050", }, ], title: "Microsoft Exchange Server Spoofing Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36050", datePublished: "2023-11-14T17:57:30.038Z", dateReserved: "2023-06-20T20:44:39.829Z", dateUpdated: "2025-04-29T23:34:39.373Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }