CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-0692
https://notcve.org/view.php?id=CVE-2020-0692
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios en Microsoft Exchange Server, también se conoce como "Microsoft Exchange Server Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0692 •
CVSS: 9.0EPSS: 97%CPEs: 6EXPL: 19CVE-2020-0688 – Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0688
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en el software Microsoft Exchange cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Exchange Memory Corruption Vulnerability". This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the Exchange Control Panel web application. The product fails to generate a unique cryptographic key at installation, which can result in deserialization of untrusted data. • https://www.exploit-db.com/exploits/48168 https://www.exploit-db.com/exploits/48153 https://github.com/zcgonvh/CVE-2020-0688 https://github.com/Jumbo-WJB/CVE-2020-0688 https://github.com/onSec-fr/CVE-2020-0688-Scanner https://github.com/ravinacademy/CVE-2020-0688 https://github.com/MrTiz/CVE-2020-0688 https://github.com/youncyb/CVE-2020-0688 https://github.com/W01fh4cker/CVE-2020-0688-GUI https://github.com/righter83/CVE-2020-0688 https://github.com/ktpdpro • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 4%CPEs: 5EXPL: 0CVE-2019-1373
https://notcve.org/view.php?id=CVE-2019-1373
A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Exchange por medio de la deserialización de metadatos mediante PowerShell, también se conoce como "Microsoft Exchange Remote Code Execution Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1266
https://notcve.org/view.php?id=CVE-2019-1266
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. Se presenta una vulnerabilidad de suplantación de identidad en Microsoft Exchange Server cuando Outlook Web App (OWA) no puede manejar apropiadamente las peticiones web, también se conoce como "Microsoft Exchange Spoofing Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1266 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-1233
https://notcve.org/view.php?id=CVE-2019-1233
A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Denial of Service Vulnerability'. Se presenta una vulnerabilidad de denegación de servicio en el software Microsoft Exchange Server, cuando el software no puede manejar apropiadamente los objetos en la memoria, también se conoce como "Microsoft Exchange Denial of Service Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1233 •