25 matches found
Email item data export from EWS failed
Challenge Exchange Online backup jobs in Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 may fail to process mailboxes, returning one of the following errors: Processing mailbox failed with error: Email item data export from EWS failed item IDs: .... The operation has timed...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
Support Statement — Exchange Web Services (EWS) Deprecation
Challenge Microsoft has announced the deprecation of Exchange Web Services EWS in Exchange Online, with the initial phase-out target of October 1, 2026. Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365 currently leverage EWS for Exchange Online backup functionality. Note: Thi...
EUVD-2026-13696
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
PT-2026-26615
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-33371
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. An XML External Entity XXE vulnerability exists in the Zimbra Exchange Web Services EWS SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...
CVE-2026-33371
CVE-2026-33371 affects Zimbra Collaboration (ZCS) 10.0 and 10.1. The issue is an XML External Entity (XXE) vulnerability in the Zimbra Exchange Web Services (EWS) SOAP interface caused by improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by a ...
Zimbra Collaboration 安全漏洞
Zimbra Collaboration is an open-source enterprise-level email and collaboration platform developed by Zimbra Corporation. It supports email, calendar, document management, and team collaboration features. Versions 10.0 and 10.1 of Zimbra Collaboration contain security vulnerabilities. These...
MiracleLinux 4 : evolution-data-server-2.32.3-18.AXS4 (AXSA:2014-352:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-352:01 advisory. The evolution-data-server package provides a unified backend for programs that work with contacts, tasks, and calendar information. It was originally develope...
PrivExchange
This is a proof-of-concept PoC tool for abusing Microsoft Exchange to obtain Domain Admin privileges. The tool, named PrivExchange, requires the Impacket library and can be used to subscribe to push notifications on Exchange Web Services, which will make Exchange connect back to the attacker and...
New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...
New PowerExchange Backdoor Used in Iranian Cyber Attack on UAE Government
An unnamed government entity associated with the United Arab Emirates U.A.E. was targeted by a likely Iranian threat actor to breach the victim's Microsoft Exchange Server with a "simple yet effective" backdoor dubbed PowerExchange. According to a new report from Fortinet FortiGuard Labs, the...
How to Temporarily Disable Exchange Web Services Throttling
Purpose This article documents how to temporarily disable Exchange Web Services API throttling, potentially improving Exchange backup performance in Veeam Backup for Microsoft 365. Note: Throttling may only be disabled temporarily; this should be sufficient to allow Veeam Backup for Microsoft 365...
Security Bulletin: A vulnerability have been identified in Apache Commons IO shipped with IBM Tivoli Netcool/OMNIbus Probe for Microsoft Exchange Web Services (CVE-2021-29425)
Summary Apache Commons IO is a dependency component shipped with the IBM Tivoli Netcool/OMNIbus Probe for Microsoft Exchange Web Services. Information about the security vulnerability affecting Apache Commons IO has been published. CVE-2021-29425 Vulnerability Details CVEID: CVE-2021-29425...
Mimecast Certificate Hacked in Supply-Chain Attack
A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Microsoft 365...
Security Updates for Exchange (February 2020)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the...
Security Updates for Exchange (February 2019)
The Microsoft Exchange Server installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - Multiple Vulnerabilites with the included libraries from Oracle Outside. CVE-2018-18223, CVE-2018-18224, CVE-2018-3147, CVE-2018-3217, CVE-2018-3218,...