CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2023-36035 | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server | Important | 03-01-2024 |
Technical Information
A Spoofing vulnerability in Microsoft Exchange Server. The bug exists in the IsUNCPath method which causes lack of proper input validation. An authenticated attacker can use this vulnerability to relay NTLM credentials in the context of SYSTEM.
Further information on this vulnerability is available at : CVE-2023-36035
Affected Software
Microsoft Exchange Server 2016 Cumulative Update 23,Microsoft Exchange Server 2019 Cumulative Update 12,
Microsoft Exchange Server 2019 Cumulative Update 13