|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-03 | |
| Rule Name: | Microsoft Exchange Server Server-Side Request Forgery Authentication Bypass Vulnerability -3 (CVE-2021-26855) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | CVE-2021-26855 is a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to send arbitrary HTTP requests and authenticate to on-premise Exchange server. Attackers can also trick the Exchange server to execute arbitrary commands by exploiting this vulnerability. The following products and versions are affected: Microsoft Exchange Server 2013 Cumulative Update 23,Microsoft Exchange Server 2019 Cumulative Update 7,Microsoft Exchange Server 2016 Cumulative Update 18,Microsoft Exchange Server 2016 Cumulative Update 19,Microsoft Exchange Server 2019 Cumulative Update 8. | |
| Impact: | An attacker can take advantage of the vulnerability to bypass authentication, and steal the full contents of several user mailboxes. | |
| Affected OS: | Windows | |
| Reference: | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855 |
|
| Solutions |
|---|
| The vendor has released upgrade patches to fix vulnerabilities, please visit: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855 |