CVE-2020-17084: Microsoft Exchange Server Remote Code Execution Vulnerability
Overview
- Severity
- High (CVSS 8.5)
- CVSS Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2020-Nov
- Released
- 2020-11-10
- EPSS Score
- 0.57% (percentile: 68.7%)
Affected Products (5)
Server Software
- Microsoft Exchange Server 2019 Cumulative Update 6
- Microsoft Exchange Server 2016 Cumulative Update 17
- Microsoft Exchange Server 2019 Cumulative Update 7
- Microsoft Exchange Server 2016 Cumulative Update 18
- Microsoft Exchange Server 2013 Cumulative Update 23
Security Updates (5)
Acknowledgments
Steven Seeley (mr_me) of <a href="https://srcincite.io/">Source Incite</a>
Revision History
- 2020-11-10: Information published.