vulnerability

Microsoft CVE-2021-26855: Microsoft Exchange Server Remote Code Execution Vulnerability (HAFNIUM Exploited)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Mar 2, 2021	Mar 2, 2021	Jan 3, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Mar 2, 2021

Added

Mar 2, 2021

Modified

Jan 3, 2024

Description

There exists a server-side request forgery (SSRF) vulnerability in Exchange which allows the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

Solution(s)

msft-kb5000871-22fec8f5-e504-4971-a880-88bab21a1f37msft-kb5000871-28c56acf-f5f1-4a92-900d-0de0c58d61a4msft-kb5000871-82a6c7b8-34c1-4d23-879a-8b5963acc47dmsft-kb5000871-c6ed44ca-634b-4b5c-91ba-12232d8ec98e

References

CVE-2021-26855
https://attackerkb.com/topics/CVE-2021-26855
MSKB-5000871
URL-https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today