PT-2021-3815 · Microsoft · Exchange Server
Orangetw
·
Published
2021-07-13
·
Updated
2026-07-07
·
CVE-2021-34473
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Microsoft Exchange Server (affected versions not specified)
Description
An issue exists in Microsoft Exchange Server related to code generation management errors. This flaw allows a remote attacker to execute arbitrary code and impact the system. In real-world incidents, this was part of a campaign targeting the Omani government, where attackers used ProxyShell exploits to compromise mail servers and gain persistent access via custom web shells to exfiltrate sensitive data from multiple ministries.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
SSRF
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Exchange Server