87 matches found
Patch now! Exchange servers attacked by Hafnium zero-days
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft attributes the attacks to a group they have dubbed Hafnium. “HAFNIUM primarily targets entities in the United States across a number ...
CVE-2021-26855
creationtimestamp| type| source ---|---|--- 2021-03-03 02:44:45+00:00| seen| https://t.me/cibsecurity/24377 2021-03-03 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=556 2021-03-03 06:30:17+00:00| seen| MISP/76591c3b-efb3-4084-a644-87a6cca8c784 2021-03-07 19:26:18+00:00|...
CVE-2021-26855
Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 09, 2021 7:01am UTC reported: CVE-2021-26855 CVE-2021-26855 is an SSRF vulnerability in Exchange that allows privileged access to Exchange’s backend resources, ultimately leading to pre-auth RCE when...
Security Updates for Microsoft Exchange Server (March 2021)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker could exploit this to execute unauthorized arbitrary code. CVE-2021-26412, CVE-2021-26854,...
CVE-2021-26855
CVE-2021-26855 is an Exchange Server SSRF vulnerability that enables pre-auth access to Exchange backend and, when chained with CVE-2021-27065, can lead to remote code execution. Public exploitation activity and PoCs (e.g., Nmap http-vuln-cve2021-26855 scripts and curl demonstrations) illustrate ...
Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
A remote code execution vulnerability exists in Microsoft Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
CVE-2020-26855
CVE-2020-26855 is rejected/not used per the initial description; not an active vulnerability entry.