<< Back
CVE Number Vulnerability Product Severity Date
CVE-2022-24463 Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server 2019 Important 14-03-2022

Technical Information

Brief overview of the risk:

An information disclosure vulnerability in Microsoft Exchange Server can be exploited by an authenticated attacker by sending a specially crafted network call to the target Exchange Server. Parsing this HTTP request could lead to the disclosure of files.

Further information on this vulnerability is available at : CVE-2022-24463

Affected Software

Microsoft Exchange Server 2016 Cumulative Update 21,
Microsoft Exchange Server 2019 Cumulative Update 10,
Microsoft Exchange Server 2016 Cumulative Update 22,
Microsoft Exchange Server 2019 Cumulative Update 11