Vulnerability identifier: #VU54766

Vulnerability risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-33766

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 2

• September 15, 2021
  • CVE-2021-33766-ProxyToken (CVE-2021-33766-poc) [Github]
• September 1, 2021
  • CVE-2021-33766-ProxyToken (ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit) [Github]

Impact: Information disclosure

Vulnerable software:
Microsoft Exchange Server
Server applications / Mail servers

Vendor: Microsoft