CVE-2023-21761

Published: Jan 10, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: secure@microsoft.com (Secondary)

Description

Microsoft Exchange Server Information Disclosure Vulnerability

Affected (3)

Products: Microsoft: Exchange Server

1 product

Exchange Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Exchange Server	Version 2016 cumulative_update_23
Microsoft Exchange Server	Version 2019 cumulative_update_11
Microsoft Exchange Server	Version 2019 cumulative_update_12

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761

Source: secure@microsoft.com

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21761

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.