CVE-2023-21745 HIGH

CVE-2023-21745: Microsoft Exchange Server Spoofing Vulnerability

Vendor Microsoft
Product Microsoft Exchange Server 2016 Cumulative Update 23
Weakness CWE-502 · Unsafe deserialization
Published January 10, 2023
Last update February 28, 2025
View on NVD All CVEs

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Exchange Server Spoofing Vulnerability

Key dates

02Disclosure timeline

January 10, 2023 CVE published
February 28, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 CVE-2023-40044 WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability CVE-2025-32569 WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability CVE-2024-49227 WordPress Free Stock Photos Foter plugin <= 1.5.4 - PHP Object Injection vulnerability CVE-2025-31069 WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability