Exchange Server@* Security Vulnerabilities and Issues — Page 2 of Exchange Server@* CVE List

A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpo...

9.3CVSS8.7AI score0.76022EPSS

CVE•added 2022/11/09 10:15 p.m.•133 views

CVE-2022-41078

Microsoft Exchange Server Spoofing Vulnerability

8CVSS7.7AI score0.00155EPSS

CVE•added 2021/07/14 6:15 p.m.•132 views

CVE-2021-33768

Microsoft Exchange Server Elevation of Privilege Vulnerability

8CVSS8.7AI score0.00242EPSS

CVE•added 2023/08/08 6:15 p.m.•129 views

CVE-2023-38181

Microsoft Exchange Server Spoofing Vulnerability

8.8CVSS8.5AI score0.59477EPSS

CVE•added 2022/11/09 10:15 p.m.•128 views

CVE-2022-41079

Microsoft Exchange Server Spoofing Vulnerability

8CVSS7.7AI score0.00155EPSS

CVE•added 2021/10/13 1:15 a.m.•127 views

CVE-2021-41348

Microsoft Exchange Server Elevation of Privilege Vulnerability

8CVSS7.6AI score0.00538EPSS

CVE•added 2021/10/13 1:15 a.m.•123 views

CVE-2021-34453

Microsoft Exchange Server Denial of Service Vulnerability

7.5CVSS7.4AI score0.07525EPSS

CVE•added 2019/04/09 9:29 p.m.•112 views

CVE-2019-0817

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.

5.8CVSS5.5AI score0.01372EPSS

CVE•added 2019/04/09 9:29 p.m.•112 views

CVE-2019-0858

6.1CVSS5.5AI score0.01372EPSS

CVE•added 2021/10/13 1:15 a.m.•102 views

CVE-2021-41350

Microsoft Exchange Server Spoofing Vulnerability

6.5CVSS6.6AI score0.04474EPSS

CVE•added 2018/05/09 7:29 p.m.•100 views

CVE-2018-8154

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8151.

10CVSS6.9AI score0.17498EPSS

CVE•added 2018/10/10 1:29 p.m.•97 views

CVE-2018-8265

A remote code execution vulnerability exists in the way Microsoft Exchange software parses specially crafted email messages, aka "Microsoft Exchange Remote Code Execution Vulnerability." This affects Microsoft Exchange Server.

9.3CVSS7.8AI score0.18022EPSS

CVE•added 2019/01/08 9:29 p.m.•96 views

CVE-2019-0586

10CVSS9.4AI score0.20842EPSS

CVE•added 2022/08/09 8:15 p.m.•95 views

CVE-2022-34692

Microsoft Exchange Server Information Disclosure Vulnerability

5.3CVSS6.4AI score0.01948EPSS

CVE•added 2018/10/10 1:29 p.m.•89 views

CVE-2018-8448

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS6.1AI score0.00544EPSS

CVE•added 2018/08/15 5:29 p.m.•87 views

CVE-2018-8302

10CVSS9.4AI score0.25903EPSS

CVE•added 2019/07/29 2:13 p.m.•86 views

CVE-2019-1136

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'.

8.1CVSS5.7AI score0.03848EPSS

CVE•added 2019/01/08 9:29 p.m.•80 views

CVE-2019-0588

An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended, aka "Microsoft Exchange Information Disclosure Vulnerability." This affects Microsoft Exchange Server.

6.5CVSS7AI score0.02947EPSS

CVE•added 2018/12/12 12:29 a.m.•77 views

CVE-2018-8604

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS4.2AI score0.03652EPSS

CVE•added 2018/05/09 7:29 p.m.•72 views

CVE-2018-8151

An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154.

4.3CVSS6.1AI score0.17498EPSS

CVE•added 2023/09/12 5:15 p.m.•68 views

CVE-2023-36777

Microsoft Exchange Server Information Disclosure Vulnerability

5.7CVSS5.5AI score0.02252EPSS

CVE•added 2018/05/09 7:29 p.m.•63 views

CVE-2018-8159

An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00997EPSS

CVE•added 2000/03/22 5:0 a.m.•61 views

CVE-2000-0216

Microsoft email clients in Outlook, Exchange, and Windows Messaging automatically respond to Read Receipt and Delivery Receipt tags, which could allow an attacker to flood a mail system with responses by forging a Read Receipt request that is redirected to a large distribution list.

5CVSS6.8AI score0.05121EPSS

CVE•added 2018/05/09 7:29 p.m.•61 views

CVE-2018-8152

5.8CVSS7AI score0.00997EPSS

CVE•added 2002/03/09 5:0 a.m.•59 views

CVE-2001-0660

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).

5CVSS6.4AI score0.1955EPSS

CVE•added 2018/08/15 5:29 p.m.•58 views

CVE-2018-8374

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.

4.3CVSS6.5AI score0.0154EPSS

CVE•added 2018/05/09 7:29 p.m.•56 views

CVE-2018-8153

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Spoofing Vulnerability." This affects Microsoft Exchange Server.

5.8CVSS7AI score0.00611EPSS

CVE•added 2001/09/12 4:0 a.m.•42 views

CVE-1999-1322

The installation of 1ArcServe Backup and Inoculan AV client modules for Exchange create a log file, exchverify.log, which contains usernames and passwords in plaintext.

4.6CVSS7.4AI score0.00513EPSS

CVE•added 2025/08/06 4:15 p.m.•35 views

CVE-2025-53786

On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified...

8CVSS6.4AI score0.00078EPSS

CVE•added 2 days ago•16 views

CVE-2025-33051

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

7.5CVSS6.5AI score0.00068EPSS

CVE•added 2 days ago•6 views

CVE-2025-25005

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

6.5CVSS7AI score0.00123EPSS

CVE•added 2 days ago•6 views

CVE-2025-25007

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

5.3CVSS6.9AI score0.00073EPSS

CVE•added 2 days ago•5 views

CVE-2025-25006

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

5.3CVSS6.9AI score0.00051EPSS

Total number of security vulnerabilities96