Описание
Microsoft Exchange Server Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). Does the attacker need to be in an authenticated role on the Exchange Server?
Yes, the attacker must be authenticated.
Do I need to take further steps to be protected from this vulnerability?
Microsoft Exchange Online customers do not need to take any action.
Exchange Server customers should review and apply the mitigation instructions described in Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server.
What privileges can an attacker gain by exploiting this vulnerability?
The privileges acquired by the attacker would be the ability to run PowerShell in the context of the system.
Where can I find more information about this CVE?
Please see Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server for more information
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft Exchange Server 2019 Cumulative Update 12 | ||
| Microsoft Exchange Server 2016 Cumulative Update 23 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability.
Уязвимость почтового сервера Microsoft Exchange Server, связанная с ошибками при обработке вводимых данных в OWA-интерфейсе, позволяющая нарушителю осуществить SSRF-атаку
EPSS
8.8 High
CVSS3