Looking for the vulnerability index of Invicti's legacy products?
RCE in SQL Server Reporting Services (SSRS) - Vulnerability Database

RCE in SQL Server Reporting Services (SSRS)

Description

A remote code execution vulnerability exists in Microsoft Exchange Server when the server fails to properly create unique keys at install time. Knowledge of a the validation key allows an authenticated user with a mailbox to pass arbitrary objects to be deserialized by the web application, which runs as SYSTEM.

Remediation

Upgrade to the latest version of Microsoft Exchange Server.

Related Vulnerabilities