Microsoft Exchange Server Elevation of Privilege Vulnerability
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-21-822/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
28 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Microsoft Exchange Server Elevation of Privilege Vulnerability | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.0 |
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 |
21 Sep 2021, 17:34
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
20 Aug 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Jul 2021, 14:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References |
|
|
References | (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34523 - Patch, Vendor Advisory | |
CWE | CWE-269 | |
CPE | cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* |
14 Jul 2021, 19:14
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-14 18:15
Updated : 2024-02-13 17:20
NVD link : CVE-2021-34523
Mitre link : CVE-2021-34523
CVE.ORG link : CVE-2021-34523
JSON object : View
Products Affected
microsoft
- exchange_server
CWE
CWE-287
Improper Authentication