CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2021-26857 | Microsoft Exchange Server Remote Code Execution Vulnerability | Microsoft Exchange Server 2019 | Critical | 17-03-2021 |
Technical Information
Brief overview of the risk:
This is an Insecure deserialization vulnerability in the Unified Messaging service in Windows Exchange Server, that can be exploited with specially crafted SOAP payloads. An attacker with administrative permission can run SYSTEM level code on the Exchange server.
Further information on this vulnerability is available at : CVE-2021-26857
Affected Software
Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2019 Cumulative Update 8
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Update 14
Microsoft Exchange Server 2019 Cumulative Update 4
Microsoft Exchange Server 2016 Cumulative Update 15
Microsoft Exchange Server 2019 Cumulative Update 5
Microsoft Exchange Server 2019 Cumulative Update 6
Microsoft Exchange Server 2016 Cumulative Update 16
Microsoft Exchange Server 2019 Cumulative Update 7
Microsoft Exchange Server 2016 Cumulative Update 18
Microsoft Exchange Server 2010 Service Pack 3