Vulnerabilities > Microsoft > Exchange Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-31209 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 6.5 |
| 2021-03-03 | CVE-2021-26854 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 6.6 |
| 2021-02-25 | CVE-2021-24085 | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Spoofing Vulnerability | 6.5 |
| 2021-02-25 | CVE-2021-1730 | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 <p>A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user.</p> <p>This update addresses this vulnerability.</p> <p>To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. | 5.4 |
| 2020-12-10 | CVE-2020-17117 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Remote Code Execution Vulnerability | 6.6 |
| 2020-11-11 | CVE-2020-17085 | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Denial of Service Vulnerability | 6.2 |
| 2020-11-11 | CVE-2020-17083 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 5.5 |
| 2020-02-11 | CVE-2020-0692 | Improper Privilege Management vulnerability in Microsoft Exchange Server 2013/2016/2019 An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | 6.8 |
| 2019-09-11 | CVE-2019-1266 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019 A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. | 4.3 |
| 2019-07-15 | CVE-2019-1136 | Unspecified vulnerability in Microsoft Exchange Server 2010/2013 An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. | 5.1 |