CVE-2021-26855 - Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 24 |
Common Weakness Enumeration (CWE)
Related news
- March 2021 Patch Tuesday forecast: Off to an early start
- As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak
- Use This One-Click Mitigation Tool from Microsoft to Prevent Exchange Attacks
- Microsoft releases one-click Exchange On-Premises Mitigation Tool
- Microsoft Defender adds automatic Exchange ProxyLogon mitigation
- Hackers Actively Searching for Unpatched Microsoft Exchange Servers
- Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns
- Microsoft Exchange bug abused to hack building automation systems
- US Govt: Hackers stole data from US defense org using new malware
- Hackers stole data from US defense org using Impacket, CovalentStealer
- Cyber-snoops broke into US military contractor, stole data, hid for months
- Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
- http://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html
- http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/162610/Microsoft-Exchange-2019-Unauthenticated-Email-Download.html
- http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html