#VU59411 Input validation error in Microsoft Exchange Server - CVE-2022-21855
Published: January 11, 2022
Vulnerability identifier: #VU59411
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
CVE-ID: CVE-2022-21855
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Exchange Server
Software vendor:
Microsoft
Description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user on the local network can send specially crafted data to the Exchange server and execute arbitrary code on the system.
Remediation
Install updates from the vendor's website.