CVE-2021-33766 Microsoft Exchange Server Information Disclosure Vulnerability

🗓️ 14 Jul 2021 17:53:40Reported by microsoftType

Microsoft Exchange Server Information Disclosure CVE-2021-3376

Reporter	Title	Published	Views	Family All 32
ICS	Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations	14 Sep 202212:00	–	ics
ATTACKERKB	CVE-2021-33766 ProxyToken	14 Jul 202100:00	–	attackerkb
BDU FSTEC	The vulnerability of Microsoft Exchange Server’s mail server, related to deficiencies in authentication procedures, allows attackers to gain unauthorized access to protected information.	1 Sep 202100:00	–	bdu_fstec
GithubExploit	Exploit for CVE-2021-33766	31 Aug 202122:03	–	githubexploit
GithubExploit	Exploit for CVE-2021-33766	31 Aug 202122:03	–	githubexploit
Circl	CVE-2021-33766	13 Apr 202105:00	–	circl
CISA KEV Catalog	Microsoft Exchange Server Information Disclosure	18 Jan 202200:00	–	cisa_kev
CISA	CISA Adds 13 Known Exploited Vulnerabilities to Catalog	18 Jan 202200:00	–	cisa
CNNVD	Microsoft Exchange Server 授权问题漏洞	13 Jul 202100:00	–	cnnvd
Check Point Advisories	Microsoft Exchange Information Disclosure (CVE-2021-33766)	5 Sep 202100:00	–	checkpoint_advisories

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2019 Cumulative Update 9",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.02.0",
        "lessThan": "15.02.0858.010",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2016 Cumulative Update 20",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.01.0",
        "lessThan": "15.01.2242.008",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2013 Cumulative Update 23",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.00.0",
        "lessThan": "15.00.1497.015",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2016 Cumulative Update 19",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.01.0",
        "lessThan": "15.01.2176.012",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Exchange Server 2019 Cumulative Update 8",
    "cpes": [
      "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
    ],
    "platforms": [
      "x64-based Systems"
    ],
    "versions": [
      {
        "version": "15.02.0",
        "lessThan": "15.02.0792.013",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-33766
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-21-798/

28 Dec 2023 22:36Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.3

EPSS0.97502