PT-2021-3815 · Microsoft · Exchange Server

Orangetw

·

Published

2021-07-13

·

Updated

2026-07-07

·

CVE-2021-34473

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server (affected versions not specified)
Description An issue exists in Microsoft Exchange Server related to code generation management errors. This flaw allows a remote attacker to execute arbitrary code and impact the system. In real-world incidents, this was part of a campaign targeting the Omani government, where attackers used ProxyShell exploits to compromise mail servers and gain persistent access via custom web shells to exfiltrate sensitive data from multiple ministries.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

SSRF

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2021-04125
CVE-2021-34473
ZDI-21-821

Affected Products

Exchange Server