Описание
Microsoft Exchange Server Elevation of Privilege Vulnerability
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker would be able to take over the mailboxes of all Exchange users, attackers can send emails, read emails, download attachments.
How could an attacker exploit this vulnerability?
An attacker would first have to compromise with a user account who is member of an admin group to run the required code.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Exchange Server 2016 Cumulative Update 23 | ||
| Microsoft Exchange Server 2019 Cumulative Update 14 | ||
| Microsoft Exchange Server 2019 Cumulative Update 15 | ||
| Microsoft Exchange Server Subscription Edition RTM |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Связанные уязвимости
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
Уязвимость почтового сервера Microsoft Exchange Server, связанная с недостатками процедуры аутентификации, позволяющая нарушителю повысить свои привилегии
EPSS
8.8 High
CVSS3