Exchange Server
by Microsoft
CVEs (233)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28310 | 0.01 | — | 0.25 | Jun 14, 2023 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2023-21710 | 0.01 | — | 0.08 | Feb 14, 2023 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2023-21761 | 0.01 | — | 0.02 | Jan 10, 2023 | Microsoft Exchange Server Information Disclosure Vulnerability | |||
| CVE-2022-24516 | 0.01 | — | 0.02 | Aug 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | |||
| CVE-2022-24477 | 0.01 | — | 0.02 | Aug 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | |||
| CVE-2022-21980 | 0.01 | — | 0.02 | Aug 9, 2022 | Microsoft Exchange Server Elevation of Privilege Vulnerability | |||
| CVE-2022-24463 | 0.01 | — | 0.32 | Mar 9, 2022 | Microsoft Exchange Server Spoofing Vulnerability | |||
| CVE-2021-34453 | 0.01 | — | 0.03 | Oct 13, 2021 | Microsoft Exchange Server Denial of Service Vulnerability | |||
| CVE-2021-31206 | 0.01 | — | 0.10 | Jul 14, 2021 | Microsoft Exchange Server Remote Code Execution Vulnerability | |||
| CVE-2021-24085 | 0.01 | — | 0.05 | Feb 25, 2021 | Microsoft Exchange Server Spoofing Vulnerability | |||
| CVE-2019-1373 | 0.01 | — | 0.18 | Nov 12, 2019 | A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. | |||
| CVE-2019-1233 | 0.01 | — | 0.06 | Sep 11, 2019 | A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. | |||
| CVE-2019-1084 | 0.01 | — | 0.05 | Jul 15, 2019 | An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to… | |||
| CVE-2019-0686 | 0.01 | — | 0.05 | Mar 6, 2019 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724. | |||
| CVE-2015-2544 | 0.01 | — | 0.09 | Sep 9, 2015 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." | |||
| CVE-2015-2543 | 0.01 | — | 0.09 | Sep 9, 2015 | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." | |||
| CVE-2015-2505 | 0.01 | — | 0.18 | Sep 9, 2015 | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability." | |||
| CVE-2015-2359 | 0.01 | — | 0.11 | Jun 10, 2015 | Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability." | |||
| CVE-2015-1764 | 0.01 | — | 0.14 | Jun 10, 2015 | The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange… | |||
| CVE-2015-1632 | 0.01 | — | 0.12 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error… |
- CVE-2023-28310Jun 14, 2023risk 0.01cvss —epss 0.25
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-21710Feb 14, 2023risk 0.01cvss —epss 0.08
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2023-21761Jan 10, 2023risk 0.01cvss —epss 0.02
Microsoft Exchange Server Information Disclosure Vulnerability
- CVE-2022-24516Aug 9, 2022risk 0.01cvss —epss 0.02
Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-24477Aug 9, 2022risk 0.01cvss —epss 0.02
Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-21980Aug 9, 2022risk 0.01cvss —epss 0.02
Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2022-24463Mar 9, 2022risk 0.01cvss —epss 0.32
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2021-34453Oct 13, 2021risk 0.01cvss —epss 0.03
Microsoft Exchange Server Denial of Service Vulnerability
- CVE-2021-31206Jul 14, 2021risk 0.01cvss —epss 0.10
Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-24085Feb 25, 2021risk 0.01cvss —epss 0.05
Microsoft Exchange Server Spoofing Vulnerability
- CVE-2019-1373Nov 12, 2019risk 0.01cvss —epss 0.18
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'.
- CVE-2019-1233Sep 11, 2019risk 0.01cvss —epss 0.06
A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'.
- CVE-2019-1084Jul 15, 2019risk 0.01cvss —epss 0.05
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to…
- CVE-2019-0686Mar 6, 2019risk 0.01cvss —epss 0.05
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0724.
- CVE-2015-2544Sep 9, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
- CVE-2015-2543Sep 9, 2015risk 0.01cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
- CVE-2015-2505Sep 9, 2015risk 0.01cvss —epss 0.18
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange Information Disclosure Vulnerability."
- CVE-2015-2359Jun 10, 2015risk 0.01cvss —epss 0.11
Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Exchange HTML Injection Vulnerability."
- CVE-2015-1764Jun 10, 2015risk 0.01cvss —epss 0.14
The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka "Exchange…
- CVE-2015-1632Mar 11, 2015risk 0.01cvss —epss 0.12
Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka "Exchange Error…
Page 7 of 12