CVE-2021-41349: Microsoft Exchange Server Spoofing Vulnerability
Overview
- Severity: Medium (CVSS 6.5)
- CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category: Spoofing
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2021-Nov
- Released: 2021-11-09
- Last Updated: 2021-11-11
- EPSS Score: 91.10% (percentile: 99.6%)
Known Exploits (1)
- Microsoft Exchange Server Spoofing Vulnerability — added 2022-07-30T10:51:55Z
Detection & Weaponization (2 sources)
Maturity: Exploit
- Nuclei templates: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
- GitHub PoC: 1 repository
Affected Products (5)
Server Software
- Microsoft Exchange Server 2013 Cumulative Update 23
- Microsoft Exchange Server 2016 Cumulative Update 21
- Microsoft Exchange Server 2019 Cumulative Update 10
- Microsoft Exchange Server 2016 Cumulative Update 22
- Microsoft Exchange Server 2019 Cumulative Update 11
Security Updates (5)
Acknowledgments
- Ashish Kunwar (https://twitter.com/d0rkerdevil)
- Wabaf3t (https://twitter.com/wabafet1)
- Rahul Maini with SecAid (https://secaid.in/)
- Mike Xie
- Tony Zhan with Dell
- Sainath Reddy
- Thomas Spring with Swisscom (Schweiz) AG (https://www.swisscom.com/)
- Harsh and Rahul with HTTPVoid
- Olga Sviridova with Ecommpay (https://ecommpay.com/)
Revision History
- 2021-11-09: Information published.
- 2021-11-11: Added acknowledgements. This is an informational change only.