Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-1417HistorySep 12, 2023 - 12:00 a.m.
Microsoft Exchange Project Deserialization of Untrusted Data Information Disclosure Vulnerability
2023-09-1200:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
10
microsoft
exchange
deserialization
vulnerability
information disclosure
authentication
project class
validation
user data
system
0.002 Low
EPSS
Percentile
53.5%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of the Project class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM.
Related
cve
cve
CVE-2023-36777
2023-09-12 17:15:14
prion
prion
Information disclosure
2023-09-12 17:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-36777
2023-09-12 17:15:14
zdi
zdi
mscve
mscve
Microsoft Exchange Server Information Disclosure Vulnerability
2023-09-12 07:00:00
nessus
nessus
Security Updates for Microsoft Exchange Server (September 2023)
2023-09-12 00:00:00
kaspersky
kaspersky
KLA60568 Multiple vulnerabilities in Microsoft Server Software
2023-09-12 00:00:00
mskb
mskb
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, September 2023 Security Update Review
2023-09-12 19:20:31
rapid7blog
rapid7blog
Patch Tuesday - September 2023
2023-09-12 22:55:55