{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2020-16875", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 5", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2019 Cumulative Update 6", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 16", "version": { "version_data": [ { "version_value": "" } ] } }, { "product_name": "Microsoft Exchange Server 2016 Cumulative Update 17", "version": { "version_data": [ { "version_value": "" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "description": { "description_data": [ { "lang": "eng", "value": "A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user, aka 'Microsoft Exchange Server Remote Code Execution Vulnerability'." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16875" }, { "refsource": "MISC", "name": "http://packetstormsecurity.com/files/159210/Microsoft-Exchange-Server-DlpUtils-AddTenantDlpPolicy-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/159210/Microsoft-Exchange-Server-DlpUtils-AddTenantDlpPolicy-Remote-Code-Execution.html" } ] } }