✻ Microsoft exchange server 2019 cumulative update 7
✻ Microsoft exchange server 2019 cumulative update 8
✻ Microsoft exchange server 2016 cumulative update 18
✻ Microsoft exchange server 2016 cumulative update 19
✻ Microsoft exchange server 2013 cumulative update 23
Multiple vulnerabilities have been identified in the Microsoft Exchange server which could allow an attacker to execute arbitrary codes on the targeted system.
✻ CVE-2021-26855 - Server-side request forgery
✻ CVE-2021-26857 - Vulnerability in unified messaging service
✻ CVE-2021-26858 - Vulnerability in post-authentication arbitrary file write
✻ CVE-2021-27065 - Vulnerability in post-authentication arbitrary file write
These vulnerabilities exist in the Microsoft Exchange server due to having untrusted connections with Exchange server on port 443. An attacker could exploit these vulnerabilities by alluring a target user to open a maliciously crafted file.
A successful exploit of this vulnerability may result in the complete compromise of the vulnerable system.
✻ Exposing sensitive information to unauthorized parties
✻ Unauthorized access
✻ Execute of unwanted/malicious programs/codes
Apply appropriate patches as mentioned below,
The information provided herein is on "as is" basis, without warranty of any kind.