Description
Microsoft Exchange Server Spoofing Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?
Yes, the attacker must be authenticated.
What is the nature of the spoofing?
An authenticated attacker could make a specially crafted network call to the target Exchange Server that causes the parsing of an HTTP request made to an attacker-controlled server. This could lead to the disclosure of files from the target Exchange Server.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 21 | | |
| Microsoft Exchange Server 2019 Cumulative Update 10 | | |
| Microsoft Exchange Server 2016 Cumulative Update 22 | | |
| Microsoft Exchange Server 2019 Cumulative Update 11 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
6.5 Medium
CVSS3
Related vulnerabilities
Microsoft Exchange Server Spoofing Vulnerability.
A vulnerability in the Microsoft Exchange Server mail server related to information disclosure, allowing an attacker to carry out a spoofing attack and disclose protected information
EPSS
6.5 Medium
CVSS3