Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-369
Vulnerability from certfr_avis - Published: 2021-05-12 - Updated: 2021-05-12
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code à distance, une atteinte à la confidentialité des données, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Skype pour Business Server 2019 CU5 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 19 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft | N/A | Dynamics 365 pour Finance and Operations | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 8 | ||
| Microsoft | N/A | common_utils.py | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour 64 bits Systems | ||
| Microsoft | N/A | Skype pour Business Server 2015 CU11 | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 20 | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 9 | ||
| Microsoft | N/A | Visual Studio 2019 pour Mac version 8.9 | ||
| Microsoft | N/A | Microsoft Lync Server 2013 CU10 | ||
| Microsoft | N/A | Visual Studio Code Remote - Containers Extension | ||
| Microsoft | N/A | Web Media Extensions |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2019 CU5",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 19",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Dynamics 365 pour Finance and Operations",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "common_utils.py",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype pour Business Server 2015 CU11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 20",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio 2019 pour Mac version 8.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Lync Server 2013 CU10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code Remote - Containers Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Web Media Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26421"
},
{
"name": "CVE-2021-28465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28465"
},
{
"name": "CVE-2021-31195",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31195"
},
{
"name": "CVE-2021-27068",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27068"
},
{
"name": "CVE-2021-31176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31176"
},
{
"name": "CVE-2021-31198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31198"
},
{
"name": "CVE-2021-28455",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28455"
},
{
"name": "CVE-2021-31211",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31211"
},
{
"name": "CVE-2021-31213",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31213"
},
{
"name": "CVE-2021-31200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31200"
},
{
"name": "CVE-2021-31179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31179"
},
{
"name": "CVE-2021-31207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31207"
},
{
"name": "CVE-2021-31180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31180"
},
{
"name": "CVE-2021-31174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31174"
},
{
"name": "CVE-2021-26422",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26422"
},
{
"name": "CVE-2021-31209",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31209"
},
{
"name": "CVE-2021-31214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31214"
},
{
"name": "CVE-2021-31178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31178"
},
{
"name": "CVE-2021-31204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31204"
},
{
"name": "CVE-2021-28461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28461"
},
{
"name": "CVE-2021-31175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31175"
},
{
"name": "CVE-2021-31177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31177"
}
],
"initial_release_date": "2021-05-12T00:00:00",
"last_revision_date": "2021-05-12T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-369",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de\ncode \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 11 mai 2021",
"url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
}
]
}
CVE-2021-31178 (GCVE-0-2021-31178)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
Microsoft Office Information Disclosure Vulnerability
Summary
Microsoft Office Information Disclosure Vulnerability
Severity
CWE
- Information Disclosure
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Office Online Server |
Affected:
16.0.1 , < 16.0.10374.20000
(custom)
cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* |
|
| Microsoft | Microsoft Excel 2016 |
Affected:
16.0.0.0 , < 16.0.5161.1000
(custom)
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2016 |
Affected:
16.0.0 , < 16.0.5161.1000
(custom)
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Excel 2013 Service Pack 1 |
Affected:
15.0.0.0 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2013 Service Pack 1 |
Affected:
15.0.0 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Affected:
15.0.1 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10374.20000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5161.1000",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5161.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office Web Apps Server 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:56:55.302Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31178"
}
],
"title": "Microsoft Office Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31178",
"datePublished": "2021-05-11T19:11:28.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31179 (GCVE-0-2021-31179)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
Microsoft Office Remote Code Execution Vulnerability
Summary
Microsoft Office Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Office Online Server |
Affected:
16.0.1 , < 16.0.10374.20000
(custom)
cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* |
|
| Microsoft | Microsoft Excel 2016 |
Affected:
16.0.0.0 , < 16.0.5161.1000
(custom)
cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2016 |
Affected:
16.0.0 , < 16.0.5161.1000
(custom)
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Excel 2013 Service Pack 1 |
Affected:
15.0.0.0 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office 2013 Service Pack 1 |
Affected:
15.0.0 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Office Web Apps Server 2013 Service Pack 1 |
Affected:
15.0.1 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_online_server:-:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office Online Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.10374.20000",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5161.1000",
"status": "affected",
"version": "16.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.5161.1000",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:excel:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Excel 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office_web_apps_server:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Office Web Apps Server 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:56:55.824Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31179"
}
],
"title": "Microsoft Office Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31179",
"datePublished": "2021-05-11T19:11:28.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31180 (GCVE-0-2021-31180)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
Microsoft Office Graphics Remote Code Execution Vulnerability
Summary
Microsoft Office Graphics Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Office 2019 |
Affected:
19.0.0 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft 365 Apps for Enterprise |
Affected:
16.0.1 , < https://aka.ms/OfficeSecurityReleases
(custom)
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:* |
|
| Microsoft | Microsoft Word 2016 |
Affected:
16.0.1 , < publication
(custom)
cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Office 2013 Service Pack 1 |
Affected:
15.0.0 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:* cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:* |
|
| Microsoft | Microsoft Word 2013 Service Pack 1 |
Affected:
15.0.1 , < 15.0.5345.1000
(custom)
cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft 365 Apps for Enterprise",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "https://aka.ms/OfficeSecurityReleases",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:word:2016:*:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Word 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft Office 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"ARM64-based Systems",
"32-bit Systems"
],
"product": "Microsoft Word 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:word:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Word 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.5345.1000",
"status": "affected",
"version": "15.0.1",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Office Graphics Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:56:56.341Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31180"
}
],
"title": "Microsoft Office Graphics Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31180",
"datePublished": "2021-05-11T19:11:29.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31195 (GCVE-0-2021-31195)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2025-02-28 19:57
VLAI
EPSS
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Spoofing
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Affected:
15.01.0 , < 15.01.2176.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 |
Affected:
15.02.0 , < 15.02.0792.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.010
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.018
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.595Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-31195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:25:49.893038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:57:35.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 19",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2176.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.012",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.010",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.018",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:02.969Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31195"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31195",
"datePublished": "2021-05-11T19:11:38.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2025-02-28T19:57:35.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31198 (GCVE-0-2021-31198)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2025-02-28 20:55
VLAI
EPSS
Title
Microsoft Exchange Server Remote Code Execution Vulnerability
Summary
Microsoft Exchange Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Remote Code Execution
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.010
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.018
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Affected:
15.01.0 , < 15.01.2176.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 |
Affected:
15.02.0 , < 15.02.0792.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-894/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-31198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T20:24:09.809147Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T20:55:39.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.012",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.010",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.018",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 19",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2176.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:03.472Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31198"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-894/"
}
],
"title": "Microsoft Exchange Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31198",
"datePublished": "2021-05-11T19:11:39.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2025-02-28T20:55:39.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31200 (GCVE-0-2021-31200)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
Common Utilities Remote Code Execution Vulnerability
Summary
Common Utilities Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | common_utils.py |
Affected:
1.0 , < 3.0
(custom)
cpe:2.3:a:microsoft:neural_network_intelligence:*:*:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:neural_network_intelligence:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "common_utils.py",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Common Utilities Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:11.570Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31200"
}
],
"title": "Common Utilities Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31200",
"datePublished": "2021-05-11T19:11:39.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31204 (GCVE-0-2021-31204)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
.NET and Visual Studio Elevation of Privilege Vulnerability
Summary
.NET and Visual Studio Elevation of Privilege Vulnerability
Severity
CWE
- Elevation of Privilege
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | .NET Core 3.1 |
Affected:
3.1 , < 3.1.15-servicing.21214.3
(custom)
cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:* |
|
| Microsoft | .NET 5.0 |
Affected:
5.0.0 , < 5.0.6-servicing.21220.11
(custom)
cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) |
Affected:
15.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) |
Affected:
16.0 , < publication
(custom)
cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Affected:
16.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
|
| Microsoft | Visual Studio 2019 for Mac version 8.9 |
Affected:
8.0 , < publication
(custom)
cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204"
},
{
"name": "FEDORA-2021-a3c205f5b2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/"
},
{
"name": "FEDORA-2021-13e3bd248f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/"
},
{
"name": "FEDORA-2021-721731dc86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/"
},
{
"name": "FEDORA-2021-c06b64b5ee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/"
},
{
"name": "FEDORA-2021-f25eb9e302",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/"
},
{
"name": "FEDORA-2021-d551431950",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.15-servicing.21214.3",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": ".NET 5.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.0.6-servicing.21220.11",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_2019:8.10:*:*:*:*:macos:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio 2019 for Mac version 8.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:03.970Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31204"
},
{
"name": "FEDORA-2021-a3c205f5b2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVMWZPF4FR6JPFSNAIDIUDULHZJBVCW6/"
},
{
"name": "FEDORA-2021-13e3bd248f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6M7KL3KTHJVQNRA3CWFUTESQJARQEHSZ/"
},
{
"name": "FEDORA-2021-721731dc86",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F3VM3RMPE7PNNLLI3BPCSAXITQZCFCA/"
},
{
"name": "FEDORA-2021-c06b64b5ee",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWF25Z3CZ6LYCOHZ7FPSFAQ426JUBUZ4/"
},
{
"name": "FEDORA-2021-f25eb9e302",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UV4ITB3SUDGR23G7XALUVKFJMZERFUKF/"
},
{
"name": "FEDORA-2021-d551431950",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFXJPQUYUITJMV75YN3XIGE3KKN5GOCU/"
}
],
"title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31204",
"datePublished": "2021-05-11T19:11:40.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:53.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31207 (GCVE-0-2021-31207)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2025-10-21 23:25
VLAI
EPSS
Title
Microsoft Exchange Server Security Feature Bypass Vulnerability
Summary
Microsoft Exchange Server Security Feature Bypass Vulnerability
Severity
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Defense in Depth
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| http://packetstormsecurity.com/files/163895/Micro… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.018
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.010
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Affected:
15.01.0 , < 15.01.2176.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 |
Affected:
15.02.0 , < 15.02.0792.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:53.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-819/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-31207",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T18:16:59.637651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31207"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:45.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31207"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-31207 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.018",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.012",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.010",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 19",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2176.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Security Feature Bypass Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Defense in Depth",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:04.957Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-819/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/163895/Microsoft-Exchange-ProxyShell-Remote-Code-Execution.html"
}
],
"title": "Microsoft Exchange Server Security Feature Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31207",
"datePublished": "2021-05-11T19:11:41.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:45.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31209 (GCVE-0-2021-31209)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2025-02-28 19:57
VLAI
EPSS
Title
Microsoft Exchange Server Spoofing Vulnerability
Summary
Microsoft Exchange Server Spoofing Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Spoofing
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 9 |
Affected:
15.02.0 , < 15.02.0858.012
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 20 |
Affected:
15.01.0 , < 15.01.2242.010
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 |
Affected:
15.00.0 , < 15.00.1497.018
(custom)
cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 19 |
Affected:
15.01.0 , < 15.01.2176.014
(custom)
cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:* |
|
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 8 |
Affected:
15.02.0 , < 15.02.0792.015
(custom)
cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-615/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-31209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-28T19:25:48.678953Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-28T19:57:20.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0858.012",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 20",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2242.010",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2013:cumulative_update_23:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2013 Cumulative Update 23",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.00.1497.018",
"status": "affected",
"version": "15.00.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2016 Cumulative Update 19",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.01.2176.014",
"status": "affected",
"version": "15.01.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft Exchange Server 2019 Cumulative Update 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.02.0792.015",
"status": "affected",
"version": "15.02.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Exchange Server Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:05.943Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31209"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-615/"
}
],
"title": "Microsoft Exchange Server Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31209",
"datePublished": "2021-05-11T19:11:43.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2025-02-28T19:57:20.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31211 (GCVE-0-2021-31211)
Vulnerability from cvelistv5 – Published: 2021-05-11 19:11 – Updated: 2024-08-03 22:55
VLAI
EPSS
Title
Visual Studio Code Remote Code Execution Vulnerability
Summary
Visual Studio Code Remote Code Execution Vulnerability
Severity
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Visual Studio Code |
Affected:
1.0.0 , < 1.56
(custom)
cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:* |
Date Public
2021-05-11 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:55:52.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:visual_studio_code:*:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Visual Studio Code",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.56",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-05-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Visual Studio Code Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T23:57:06.445Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31211"
}
],
"title": "Visual Studio Code Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-31211",
"datePublished": "2021-05-11T19:11:43.000Z",
"dateReserved": "2021-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:55:52.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…