CVE-2022-41080

Warnung

EPSS 93.8%
Veröffentlicht 09.11.2022 22:15:21
Zuletzt bearbeitet 30.10.2025 19:39:21
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Exchange Server Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Exchange Server Version2013 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_22

Microsoft ≫ Exchange Server Version2016 Updatecumulative_update_23

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_11

Microsoft ≫ Exchange Server Version2019 Updatecumulative_update_12

10.01.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Exchange Server Privilege Escalation Vulnerability

Schwachstelle

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.8%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41080

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-41080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41080

EUVD