Vulnerabilities
Vulnerable Software
Microsoft Exchange Remote Code Execution Vulnerability
CVSS Score: 9.1
EPSS Score: 0.841
Published: 2020-12-10

Microsoft Exchange Remote Code Execution Vulnerability
CVSS Score: 8.4
EPSS Score: 0.382
Published: 2020-12-10

Microsoft Exchange Remote Code Execution Vulnerability
CVSS Score: 9.1
EPSS Score: 0.023
Published: 2020-12-10

Microsoft Exchange Remote Code Execution Vulnerability
CVSS Score: 6.6
EPSS Score: 0.062
Published: 2020-12-10

Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score: 5.5
EPSS Score: 0.434
Published: 2020-11-11

Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS Score: 8.5
EPSS Score: 0.019
Published: 2020-11-11

Microsoft Exchange Server Denial of Service Vulnerability
CVSS Score: 6.2
EPSS Score: 0.042
Published: 2020-11-11

An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user.
To exploit the vulnerability, an attacker could include specially crafted OWA messages that could be loaded, without warning or filtering, from the attacker-controlled URL. This callback vector provides an information disclosure tactic used in web beacons and other types of tracking systems.
The security update corrects the way that Exchange handles these token validations.
CVSS Score: 7.1
EPSS Score: 0.012
Published: 2020-10-16

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.
The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.
CVSS Score: 8.4
EPSS Score: 0.887
Published: 2020-09-11

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server, aka 'Microsoft Exchange Server Spoofing Vulnerability'.
CVSS Score: 5.4
EPSS Score: 0.007
Published: 2020-03-12

