📦 Exchange Server
by Microsoft
🔍 What is Exchange Server?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2024-21410 is a critical elevation of privilege vulnerability in Microsoft Exchange Server that allows attackers to gain unauthorized administrative access without authentication. It affects organ...
CVE-2023-21709 is a critical elevation of privilege vulnerability in Microsoft Exchange Server that allows authenticated attackers to gain SYSTEM-level privileges. This affects organizations running v...
CVE-2022-21969 is a critical remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected systems. This affects organizations running vu...
CVE-2022-21855 is a critical remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizati...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft Exchange Server without authentication. It affects organizations running vulnerable Exchange Server versions, potentia...
CVE-2021-26427 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on vulnerable servers. This affects organizations run...
CVE-2021-34523 is an elevation of privilege vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This vulnerability is part of ...
CVE-2021-34473 is a critical remote code execution vulnerability in Microsoft Exchange Server that allows unauthenticated attackers to execute arbitrary code on vulnerable servers. It affects on-premi...
CVE-2021-28480 is a critical remote code execution vulnerability in Microsoft Exchange Server that allows unauthenticated attackers to execute arbitrary code on vulnerable servers. This affects organi...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft Exchange Server without authentication. It affects organizations running vulnerable Exchange Server versions, potentia...
CVE-2021-26855 is a server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that allows unauthenticated attackers to execute arbitrary code remotely. This vulnerability affects o...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft Exchange Server without authentication. It affects organizations running vulnerable Exchange Server versions, potentia...
CVE-2021-26412 is a critical remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on vulnerable servers. This affects organiza...
CVE-2020-17132 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
CVE-2020-17142 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
This vulnerability in Microsoft Exchange Server allows authenticated attackers to elevate their privileges through improper input validation. Attackers with existing access can exploit this over the n...
This vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing attacks over the network due to improper input validation. Attackers can impersonate legitimate users ...
A privilege escalation vulnerability in Microsoft Exchange Server allows unauthorized attackers to gain elevated local privileges due to incorrect authentication algorithm implementation. This affects...
This vulnerability in Microsoft Exchange Server allows unauthorized attackers to access sensitive information over the network. Attackers can exploit this to read confidential data from Exchange serve...
This vulnerability in Microsoft Exchange Server allows attackers to spoof email addresses, potentially enabling phishing attacks or bypassing email security controls. It affects organizations running ...
CVE-2024-26198 is a remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected systems. This affects organizations running vulnerable ...
CVE-2023-36439 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
CVE-2023-36757 is a deserialization vulnerability in Microsoft Exchange Server that allows attackers to spoof email addresses and potentially execute arbitrary code. It affects Microsoft Exchange Serv...
CVE-2023-36745 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
CVE-2023-38181 is a deserialization vulnerability in Microsoft Exchange Server that allows attackers to spoof email addresses and potentially execute arbitrary code. It affects organizations running v...
CVE-2023-21529 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft Exchange Server without authentication. It affects organizations running vulnerable Exchange Server versions, potentia...
CVE-2021-42321 is a remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected servers. It affects Microsoft Exchange Server installat...
CVE-2021-34470 is an elevation of privilege vulnerability in Microsoft Exchange Server that allows authenticated attackers to gain higher privileges through Active Directory schema misconfiguration. T...
CVE-2021-33766 is an information disclosure vulnerability in Microsoft Exchange Server that allows authenticated attackers to read arbitrary files on the server. This affects organizations running vul...
CVE-2021-33768 is an elevation of privilege vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code with SYSTEM privileges. This affects organizations ...
CVE-2021-31206 is a remote code execution vulnerability in Microsoft Exchange Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations runni...
CVE-2021-31198 is a remote code execution vulnerability in Microsoft Exchange Server that allows attackers to execute arbitrary code on affected servers. It affects Microsoft Exchange Server installat...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft Exchange Server without authentication. It affects organizations running vulnerable Exchange Server versions, potentia...
CVE-2021-26858 is a remote code execution vulnerability in Microsoft Exchange Server that allows an attacker to execute arbitrary code on affected servers by sending specially crafted HTTP requests. I...
This CVE describes a UI spoofing vulnerability in Microsoft Exchange Server where an unauthorized attacker can manipulate the user interface to misrepresent critical information over a network. This c...
This vulnerability in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing attacks over a network by exploiting improper handling of special elements. It affects organizations...
This vulnerability in Microsoft Exchange Server allows unauthorized attackers to perform spoofing attacks by sending specially crafted network requests that bypass input validation. It affects organiz...
A spoofing vulnerability in Microsoft Exchange Server allows attackers to impersonate legitimate users, potentially tricking recipients into trusting malicious emails. This affects organizations runni...