Microsoft » Exchange Server : Security Vulnerabilities, CVEs,
CVE-2022-41082
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
11.51%
Published
2022-10-03
Updated
2023-12-20
CISA KEV Added
2022-09-30
CVE-2022-41040
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
8.8
EPSS Score
96.64%
Published
2022-10-03
Updated
2023-12-20
CISA KEV Added
2022-09-30
CVE-2022-23277
Public exploit
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
1.50%
Published
2022-03-09
Updated
2023-06-29
CVE-2021-42321
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
96.51%
Published
2021-11-10
Updated
2023-12-28
CISA KEV Added
2021-11-17
CVE-2021-34523
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
78.22%
Published
2021-07-14
Updated
2024-02-13
CISA KEV Added
2021-11-03
CVE-2021-34473
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
10.0
EPSS Score
97.32%
Published
2021-07-14
Updated
2023-12-28
CISA KEV Added
2021-11-03
CVE-2021-31207
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Security Feature Bypass Vulnerability
Max CVSS
7.2
EPSS Score
96.90%
Published
2021-05-11
Updated
2023-08-02
CISA KEV Added
2021-11-03
CVE-2021-27065
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
7.8
EPSS Score
96.36%
Published
2021-03-03
Updated
2023-12-29
CISA KEV Added
2021-11-03
CVE-2021-26855
Known exploited
Public exploit
Used for ransomware
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
9.8
EPSS Score
97.51%
Published
2021-03-03
Updated
2024-02-15
CISA KEV Added
2021-11-03
CVE-2020-17132
Public exploit
Microsoft Exchange Remote Code Execution Vulnerability
Max CVSS
9.1
EPSS Score
3.53%
Published
2020-12-10
Updated
2023-12-30
CVE-2020-16875
Public exploit
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
Max CVSS
9.0
EPSS Score
58.15%
Published
2020-09-11
Updated
2023-12-31
CVE-2020-0688
Known exploited
Public exploit
Used for ransomware
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
Max CVSS
9.0
EPSS Score
97.14%
Published
2020-02-11
Updated
2024-02-13
CISA KEV Added
2021-11-03
CVE-2019-0724
Public exploit
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.
Max CVSS
9.3
EPSS Score
7.63%
Published
2019-03-05
Updated
2020-08-24
CVE-2006-0027
Public exploit
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
Max CVSS
7.5
EPSS Score
97.31%
Published
2006-05-10
Updated
2020-04-09
CVE-2003-0714
Public exploit
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
Max CVSS
7.5
EPSS Score
9.16%
Published
2003-11-17
Updated
2020-04-09
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.54%
Published
2024-03-12
Updated
2024-04-11
CVE-2024-21410
Known exploited
Microsoft Exchange Server Elevation of Privilege Vulnerability
Max CVSS
9.8
EPSS Score
8.12%
Published
2024-02-13
Updated
2024-04-11
CISA KEV Added
2024-02-15
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.8
EPSS Score
0.48%
Published
2023-08-08
Updated
2023-08-10
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
0.06%
Published
2023-08-08
Updated
2023-08-11
Microsoft Exchange Server Spoofing Vulnerability
Max CVSS
8.8
EPSS Score
1.82%
Published
2023-08-08
Updated
2023-08-11
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
0.06%
Published
2023-10-10
Updated
2023-10-12
Microsoft Exchange Server Information Disclosure Vulnerability
Max CVSS
5.7
EPSS Score
0.17%
Published
2023-09-12
Updated
2023-09-14
Microsoft Exchange Server Spoofing Vulnerability
Max CVSS
8.0
EPSS Score
0.34%
Published
2023-09-12
Updated
2023-09-14
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
0.07%
Published
2023-09-12
Updated
2023-09-15
Microsoft Exchange Server Remote Code Execution Vulnerability
Max CVSS
8.0
EPSS Score
0.08%
Published
2023-09-12
Updated
2023-09-15