MS Exchange Server RCE via CVE-2023-36778
CVE-2023-36778 Published on October 10, 2023
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server Remote Code Execution Vulnerability
Weakness Type
What is an Untrusted Path Vulnerability?
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
CVE-2023-36778 has been classified to as an Untrusted Path vulnerability or weakness.
Products Associated with CVE-2023-36778
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-36778 are published in Microsoft Exchange Server:
Affected Versions
Microsoft Exchange Server 2019 Cumulative Update 13:- Version 15.02.0 and below 15.02.1258.027 is affected.
- Version 15.02.0 and below 15.02.1118.039 is affected.
- Version 15.01.0 and below 15.01.2507.034 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.