Exchange Server
by Microsoft
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-41349 | 0.07 | — | 0.94 | Nov 10, 2021 | Microsoft Exchange Server Spoofing Vulnerability | |||
| CVE-2021-28482 | 0.07 | — | 0.83 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2021-28480 | 0.07 | — | 0.71 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2008-1547 | 0.07 | — | 0.46 | Oct 21, 2008 | Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. | |||
| CVE-2023-36745 | 0.06 | — | 0.81 | Sep 12, 2023 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2021-31195 | 0.06 | — | 0.74 | May 11, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2020-17143 | 0.06 | — | 0.71 | Dec 9, 2020 | Microsoft Exchange Server Information Disclosure Vulnerability | |||
| CVE-2006-1193 | 0.06 | — | 0.39 | Jun 13, 2006 | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." | |||
| CVE-2002-1790 | 0.06 | — | 0.34 | Dec 31, 2002 | The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||
| CVE-2005-0420 | 0.05 | — | 0.26 | Apr 27, 2005 | Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | |||
| CVE-2023-32031 | 0.04 | — | 0.82 | Jun 14, 2023 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2010-2091 | 0.04 | — | 0.18 | May 27, 2010 | Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct… | |||
| CVE-2007-0039 | 0.04 | — | 0.45 | May 8, 2007 | The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS… | |||
| CVE-2006-0002 | 0.04 | — | 0.46 | Jan 10, 2006 | Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME… | |||
| CVE-1999-0284 | 0.04 | — | 0.12 | Jan 1, 1998 | Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. | |||
| CVE-2021-28481 | 0.03 | — | 0.36 | Apr 13, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2020-17083 | 0.03 | — | 0.12 | Nov 11, 2020 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2007-0220 | 0.03 | — | 0.33 | May 8, 2007 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail… | |||
| CVE-2007-0221 | 0.03 | — | 0.37 | May 8, 2007 | Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability." | |||
| CVE-2005-1987 | 0.03 | — | 0.43 | Oct 13, 2005 | Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type"… |
- CVE-2021-41349Nov 10, 2021risk 0.07cvss —epss 0.94
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2021-28482Apr 13, 2021risk 0.07cvss —epss 0.83
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-28480Apr 13, 2021risk 0.07cvss —epss 0.71
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2008-1547Oct 21, 2008risk 0.07cvss —epss 0.46
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
- CVE-2023-36745Sep 12, 2023risk 0.06cvss —epss 0.81
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-31195May 11, 2021risk 0.06cvss —epss 0.74
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17143Dec 9, 2020risk 0.06cvss —epss 0.71
Microsoft Exchange Server Information Disclosure Vulnerability
- CVE-2006-1193Jun 13, 2006risk 0.06cvss —epss 0.39
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
- CVE-2002-1790Dec 31, 2002risk 0.06cvss —epss 0.34
The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682.
- CVE-2005-0420Apr 27, 2005risk 0.05cvss —epss 0.26
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
- CVE-2023-32031Jun 14, 2023risk 0.04cvss —epss 0.82
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2010-2091May 27, 2010risk 0.04cvss —epss 0.18
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct…
- CVE-2007-0039May 8, 2007risk 0.04cvss —epss 0.45
The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS…
- CVE-2006-0002Jan 10, 2006risk 0.04cvss —epss 0.46
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME…
- CVE-1999-0284Jan 1, 1998risk 0.04cvss —epss 0.12
Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.
- CVE-2021-28481Apr 13, 2021risk 0.03cvss —epss 0.36
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2020-17083Nov 11, 2020risk 0.03cvss —epss 0.12
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2007-0220May 8, 2007risk 0.03cvss —epss 0.33
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail…
- CVE-2007-0221May 8, 2007risk 0.03cvss —epss 0.37
Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
- CVE-2005-1987Oct 13, 2005risk 0.03cvss —epss 0.43
Buffer overflow in Collaboration Data Objects (CDO), as used in Microsoft Windows and Microsoft Exchange Server, allows remote attackers to execute arbitrary code when CDOSYS or CDOEX processes an e-mail message with a large header name, as demonstrated using the "Content-Type"…
Page 5 of 12