Input validation error in Microsoft Exchange Server - CVE-2022-21855
Published: January 11, 2022
Vulnerability identifier: #VU59411
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green
CVE-ID: CVE-2022-21855
CWE-ID: CWE-20
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Exchange Server
Detailed vulnerability description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user on the local network can send specially crafted data to the Exchange server and execute arbitrary code on the system.
How to mitigate CVE-2022-21855
Install updates from the vendor's website.