2 matches found
Microsoft Exchange Server Remote Code Execution (CVE-2022-23277)
A remote code execution vulnerability exists in Microsoft Exchange Server. The vulnerability is due to improper handling of EWS requests containing malicious UserConfiguration objects...
Microsoft Exchange Server NTLM Reflection EWS User Impersonation Vulnerability
This vulnerability allows remote attackers to impersonate arbitrary users on vulnerable installations of Microsoft Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the use of NTLM authentication in Exchange Server. NTLM responses produced ...