8.8

CVE-2023-21529

Warnung
Medienbericht

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExchange Server Version2013 Updatecumulative_update_23
MicrosoftExchange Server Version2016 Updatecumulative_update_23
MicrosoftExchange Server Version2019 Updatecumulative_update_11
MicrosoftExchange Server Version2019 Updatecumulative_update_12

13.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability

Schwachstelle

Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 62.1% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
14.04.2026 09:36
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
14.04.2026 08:06
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
10.04.2026 15:19
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
06.04.2026 19:00
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21529
Patch
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21529
US Government Resource
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Technical Description