Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2021-1730

Опубликовано: 09 фев. 2021
Источник: msrc
CVSS3: 5.4
EPSS Низкий

Описание

Microsoft Exchange Server Spoofing Vulnerability

A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.

This update addresses this vulnerability.

To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.

FAQ

Why are the updates listed those that were released in September?

This vulnerability was found in the Exchange Server Installer. This type of vulnerability can only be addressed in a complete release as opposed to a cumulative update. We allowed time for customers to move to the September release prior to disclosing the vulnerability.

What are the steps to configure Download Domains to enable the protection from this vulnerability?

Yes, please see Exchange Download Domains for detailed information.

Обновления

ПродуктСтатьяОбновление
Microsoft Exchange Server 2019 Cumulative Update 7
4571787
Security Update
Microsoft Exchange Server 2016 Cumulative Update 18
4571788
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 83%
0.02014
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2021-1730

CVSS3: 5.4
nvd
почти 5 лет назад

<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p>

github логотип

GHSA-mp5r-32pv-q987

CVSS3: 5.4
github
больше 3 лет назад

Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-24085.

fstec логотип

BDU:2021-00927

CVSS3: 5.4
fstec
почти 5 лет назад

Уязвимость почтового сервера Microsoft Exchange Server связанная с отсутствием защиты служебных данных, позволяющая нарушителю проводить спуфинг-атаки

msrc логотип

CVE-2021-27065

CVSS3: 7.8
msrc
почти 5 лет назад

Microsoft Exchange Server Remote Code Execution Vulnerability

msrc логотип

CVE-2021-26858

CVSS3: 7.8
msrc
почти 5 лет назад

Microsoft Exchange Server Remote Code Execution Vulnerability

EPSS

Процентиль: 83%
0.02014
Низкий

5.4 Medium

CVSS3