CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-1730 – Microsoft Exchange Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-1730
<p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.</p> Una Vulnerabilidad de Suplantación de Identidad de Microsoft Exchange Server. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730 •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-24085 – Microsoft Exchange Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-24085
Microsoft Exchange Server Spoofing Vulnerability Una Vulnerabilidad de Suplantación de Identidad de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-1730 Microsoft Exchange Server has a flaw that exists within the HasValidCanary function inside of the Canary15 class. The issue results in an insecure generation of cross site request forgery tokens that can be used to install an office-addins. An attacker can leverage this vulnerability to escalate privileges to an administrative account. • https://github.com/sourceincite/CVE-2021-24085 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24085 •
CVSS: 8.4EPSS: 32%CPEs: 1EXPL: 2CVE-2020-17144 – Microsoft Exchange Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17144
Microsoft Exchange Remote Code Execution Vulnerability Vulnerabilidad de ejecución de código remota en Microsoft Exchange Este ID de CVE es diferente de CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17142 Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. • https://github.com/zcgonvh/CVE-2020-17144 https://github.com/Airboi/CVE-2020-17144-EXP https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17144 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 3%CPEs: 5EXPL: 0CVE-2020-17142 – Microsoft Exchange Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-17142
Microsoft Exchange Remote Code Execution Vulnerability Vulnerabilidad de ejecución de código remota en Microsoft Exchange Este ID de CVE es diferente de CVE-2020-17117, CVE-2020-17132, CVE-2020-17141, CVE-2020-17144. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17142 •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-17143 – Microsoft Exchange Server Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-17143
Microsoft Exchange Server Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Exchange • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17143 •