CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2021-26855 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server 2019 | Critical | 17-03-2021 |
Technical Information
Brief overview of the risk:
This is a Server-Side Request Forgery (SSRF) vulnerability that an attacker can exploit by sending an HTTP request and getting authenticated to the Microsoft Exchange Server. An SSRF vulnerability is a web vulnerability that lets an attacker cause a server-side application to make requests on the attacker's behalf. This can be exploited to access machines or servers that are behind firewalls. This vulnerability is currently being exploited in the wild.
Further information on this vulnerability is available at: CVE-2021-26855
Affected Software
Microsoft Exchange Server 2016 Cumulative Update 19
Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 4
Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18