CVE-2021-31198

EPSS 1.63%
Veröffentlicht 11.05.2021 19:15:10
Zuletzt bearbeitet 28.02.2025 21:15:17
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Exchange Server Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_19

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_20

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_8

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.63%	0.813

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198

Patch

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-21-894/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2021-31198

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-31198

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-31198

EUVD