CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
88.0%
Multiple vulnerabilities were found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges.
Below is a complete list of vulnerabilities:
CVE-2022-30134 high
CVE-2022-24516 critical
CVE-2022-21979 warning
CVE-2022-34692 high
CVE-2022-21980 critical
CVE-2022-24477 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/5015322
support.microsoft.com/kb/5019076
support.microsoft.com/kb/5019077
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21979
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21980
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24477
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24516
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30134
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34692
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Exchange-Server/