vulnerability
Microsoft Exchange: CVE-2020-16875: Microsoft Exchange Server Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Sep 11, 2020 | Aug 10, 2023 | Aug 12, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Sep 11, 2020
Added
Aug 10, 2023
Modified
Aug 12, 2025
Description
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p>
<p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p>
Solutions
microsoft-exchange-exchange_server_2016_CU16-kb4577352microsoft-exchange-exchange_server_2016_CU17-kb4577352microsoft-exchange-exchange_server_2019_CU5-kb4577352microsoft-exchange-exchange_server_2019_CU6-kb4577352
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.