Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) - Vulnerability Database

Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473)

Description

Due to a flaw in the Autodiscover service of Exchange Server, an unauthenticated attacker can access its restricted resources and leverage this in conjunction with other vulnerabilities to execute arbitrary code.

Remediation

Upgrade to the latest version of Microsoft Exchange Server.

References

Microsoft Exchange Server Remote Code Execution Vulnerability

Related Vulnerabilities

Check for apache versions up to 1.3.25, 2.0.38 High
Common tags: Code Execution
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) High
Common tags: Code Execution
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7) High
Common tags: Code Execution
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) High
Common tags: Code Execution
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) High
Common tags: Code Execution

Severity

High

Classification

CVE-2021-34473
CWE-918
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A

Tags

Code Execution