gptkbp:instanceOf
|
gptkb:security
|
gptkbp:affects
|
gptkb:Microsoft_Exchange_Server
|
gptkbp:describes
|
A server-side request forgery (SSRF) vulnerability in Microsoft Exchange Server that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
|
gptkbp:hasAttackComplexity
|
Low
|
gptkbp:hasAttackVector
|
gptkb:network_protocol
|
gptkbp:hasCVEID
|
gptkb:CVE-2021-26855
|
gptkbp:hasCVSSScore
|
9.1
|
gptkbp:hasCWE
|
gptkb:CWE-918
|
gptkbp:hasNVDEntry
|
https://nvd.nist.gov/vuln/detail/CVE-2021-26855
|
gptkbp:hasPatchAvailable
|
true
|
gptkbp:hasPrivilegesRequired
|
nan
|
gptkbp:hasSeverity
|
Critical
|
gptkbp:hasType
|
Server-Side Request Forgery
|
gptkbp:hasUserInteraction
|
nan
|
gptkbp:hasVendorAdvisory
|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
|
https://www.w3.org/2000/01/rdf-schema#label
|
CVE-2021-26855
|
gptkbp:isExploitedInTheWild
|
true
|
gptkbp:isRemoteCodeExecution
|
true
|
gptkbp:isUsedInChainWith
|
CVE-2021-26857
CVE-2021-26858
CVE-2021-27065
|
gptkbp:partOf
|
gptkb:ProxyLogon
|
gptkbp:wasDisclosed
|
2021-03-02
|
gptkbp:bfsParent
|
gptkb:APT3
gptkb:ProxyLogon
|
gptkbp:bfsLayer
|
7
|