Exchange Server Security Vulnerabilities - 2020
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.
8.1CVSS
7.9AI Score
0.003EPSS
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
5.4CVSS
5.1AI Score
0.001EPSS
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p><p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authe...
<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.</p><p>To exploit the vulnerability, an attacker could include...
7.1CVSS
6.6AI Score
0.001EPSS
5.5CVSS
6.7AI Score
0.013EPSS
8.5CVSS
8.4AI Score
0.013EPSS
6.2CVSS
6.3AI Score
0.001EPSS
6.6CVSS
7.6AI Score
0.015EPSS
8.4CVSS
8.9AI Score
0.025EPSS
9.1CVSS
8.9AI Score
0.034EPSS
8.8CVSS
8.2AI Score
0.004EPSS