mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
237 lines
8.7 KiB
JSON
237 lines
8.7 KiB
JSON
{
|
|
"id": "CVE-2021-27065",
|
|
"sourceIdentifier": "secure@microsoft.com",
|
|
"published": "2021-03-03T00:15:12.307",
|
|
"lastModified": "2022-07-12T17:42:04.277",
|
|
"vulnStatus": "Analyzed",
|
|
"cisaExploitAdd": "2021-11-03",
|
|
"cisaActionDue": "2021-04-16",
|
|
"cisaRequiredAction": "Apply updates per vendor instructions.",
|
|
"cisaVulnerabilityName": "Microsoft OWA Exchange Control Panel (ECP) Exploit Chain",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una Vulnerabilidad de Ejecuci\u00f3n de c\u00f3digo remota de Microsoft Exchange Server. Este ID de CVE es diferente de CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.8,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 1.8,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 6.8
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-22"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_22:*:*:*:*:*:*",
|
|
"matchCriteriaId": "751FD35F-2ECD-4B75-9589-988CC6AD3058"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DA166F2A-D83B-4D50-AD0B-668D813E0585"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2013:sp1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0C21F84B-E99C-451D-9EAF-6352FD2B0EAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
|
|
"matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
|
|
"matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
|
|
"matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
|
|
"matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
|
|
"matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
|
|
"matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
|
|
"matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
|
|
"matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
|
|
"matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
|
|
"matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://packetstormsecurity.com/files/162736/Microsoft-Exchange-ProxyLogon-Collector.html",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Exploit",
|
|
"Third Party Advisory",
|
|
"VDB Entry"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065",
|
|
"source": "secure@microsoft.com",
|
|
"tags": [
|
|
"Patch",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |