CVE-2021-31196: Microsoft Exchange Server Remote Code Execution Vulnerability
Overview
- Severity
- High (CVSS 7.2)
- CVSS Vector
- CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
- Category
- Remote Code Execution
- Exploit Status
- Not Exploited
- Exploitation Likelihood
- Less Likely
- Patch Tuesday
- 2021-Jul
- Released
- 2021-07-13
- EPSS Score
- 3.34% (percentile: 87.3%)
- CISA KEV
- Listed — due 2024-09-11
Affected Products (5)
Exchange Server
- Microsoft Exchange Server 2019 Cumulative Update 9
- Microsoft Exchange Server 2016 Cumulative Update 20
- Microsoft Exchange Server 2013 Cumulative Update 23
- Microsoft Exchange Server 2016 Cumulative Update 21
- Microsoft Exchange Server 2019 Cumulative Update 10
Security Updates (5)
Acknowledgments
<a href="https://twitter.com/orange_8361">Orange Tsai (@orange_8361)</a> with <a href="https://devco.re/">DEVCORE</a>
Revision History
- 2021-07-13: Information published.