CVE-2021-26855

GPTKB entity

Statements (26)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:affects gptkb:Microsoft_Exchange_Server
gptkbp:describes A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
gptkbp:hasAttackComplexity Low
gptkbp:hasAttackVector gptkb:network_protocol
gptkbp:hasCVEID gptkb:CVE-2021-26855
gptkbp:hasCVSSScore 9.1
gptkbp:hasCWE gptkb:CWE-918
gptkbp:hasNVDEntry https://nvd.nist.gov/vuln/detail/CVE-2021-26855
gptkbp:hasPatchAvailable true
gptkbp:hasPrivilegesRequired nan
gptkbp:hasSeverity Critical
gptkbp:hasType Server-Side Request Forgery
gptkbp:hasUserInteraction nan
gptkbp:hasVendorAdvisory https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
https://www.w3.org/2000/01/rdf-schema#label CVE-2021-26855
gptkbp:isExploitedInTheWild true
gptkbp:isRemoteCodeExecution true
gptkbp:isUsedInChainWith CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
gptkbp:partOf gptkb:ProxyLogon
gptkbp:wasDisclosed 2021-03-02
gptkbp:bfsParent gptkb:APT3
gptkb:ProxyLogon
gptkbp:bfsLayer 7