Issued: Tuesday, 31 August, 2021 |
Last Revision: Tuesday, 31 August, 2021 |
Vendor: |
Product: |
Severity Level: |
An information disclosure vulnerability (CVE-2021-33766) in Microsoft Exchange Server could allow an unauthenticated attacker to access and steal emails from a target’s mailbox.
If exploited, it could reveal victims’ personal information, sensitive company data and more.
With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging to arbitrary users.
Description | CVE | CVSS3.0 Score |
Microsoft Exchange Information Disclosure Vulnerability | CVE-2021-33766 | 7.3 |
Table 1: Vulnerability details
Vulnerability / CVE | Affected Product(s) |
CVE-2021-33766 | Microsoft Exchange Server 2019 Cumulative Update 8; Microsoft Exchange Server 2016 Cumulative Update 19; Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Update 20; Microsoft Exchange Server 2019 Cumulative Update 9 |
Table 2: Vulnerable versions
Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33766
Entities are advised to check their patch record before applying the update. Entities that have already installed the April & July 2021 update do not need to take any further action.
