RULE(RULE ID:334389)

Rule General Information
Release Date: 2021-12-16
Rule Name: Microsoft Exchange Server Code Injection Vulnerability (CVE-2021-31195)
Severity:
CVE ID:
Rule Protection Details
Description: Microsoft Exchange Server is a set of email service programs from the American Microsoft Corporation. It provides mail access, storage, forwarding, voice mail, mail filtering and other functions. A code injection vulnerability exists in Microsoft Exchange Server. The following products and versions are affected: Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8, Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23.
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows, Linux, Others
Reference: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195
Solutions
The vendor has released upgrade patches to fix vulnerabilities, please visit:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195