CVE Daily
← All tags

Tag: Microsoft Exchange

All CVEs associated with "Microsoft Exchange". Page 3/3 • 250 CVEs.

Subscribe CVEs: RSS for “Microsoft Exchange”  ·  RSS (High+Critical only)

About “Microsoft Exchange”

A curated feed of “Microsoft Exchange”-related CVEs appears below. We currently track 250 CVEs for this tag (all time). In the last 365 days, 13 were published. Average CVSS is 6.8 (all time; 7.2 over 365d), and 53% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-20 - Improper Input Validation, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-918 - Server-Side Request Forgery (SSRF).

In our taxonomy this topic maps to a LOW impact class. Mail servers and webmail risk credential theft and data exposure. Patch MTA or IMAP, enforce TLS and auth, lock down admin consoles, and validate anti spam or AV. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2001-07-21
High

CVE-2001-0340

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a me…

CVSS: 7.5 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2001-07-16
Medium

CVE-2001-1319

Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.

CVSS: 5.0 CWE: N/A View on NVD
2001-06-02
Medium

CVE-2001-0146

IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.

CVSS: 5.0 CWE: N/A View on NVD
2001-03-12
Medium

CVE-1999-0945

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

CVSS: 5.0 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2001-01-09
High

CVE-2000-1139

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

CVSS: 7.5 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2000-12-11
Medium

CVE-2000-1006

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malf…

CVSS: 5.0 CWE: N/A View on NVD
1999-12-31
Medium

CVE-1999-1043

Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) malformed NNTP data, or (2) malformed SMTP data, which allows remote attackers to cause a denial of service (application error).

CVSS: 5.0 CWE: N/A View on NVD
1999-12-13
High

CVE-1999-0993

Modifications to ACLs (Access Control Lists) in Microsoft Exchange 5.5 do not take effect until the directory store cache is refreshed.

CVSS: 7.5 CWE: CWE-665 - Improper Initialization View on NVD
1999-08-06
Medium

CVE-1999-0682

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

CVSS: 5.0 CWE: N/A View on NVD
1999-05-12
High

CVE-1999-1368

AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detecti…

CVSS: 7.5 CWE: N/A View on NVD