CVE-2026-42897
Published May 14, 2026
Last updated a month ago
AI description
CVE-2026-42897 is a spoofing vulnerability impacting on-premises versions of Microsoft Exchange Server, including Exchange Server 2016, 2019, and Subscription Edition. This flaw, identified as an improper neutralization of input during web page generation (cross-site scripting or XSS), specifically affects Outlook Web Access (OWA). An attacker can exploit CVE-2026-42897 by sending a specially crafted email to a user. If the user opens this malicious email in Outlook Web Access, arbitrary JavaScript can be executed within the context of their browser, enabling spoofing over the network. Microsoft has confirmed that this vulnerability is under active exploitation.
- Description
- Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
- Products
- exchange_server
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- Microsoft Exchange Server Cross-Site Scripting Vulnerability
- Exploit added on
- May 15, 2026
- Exploit action due
- May 29, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com
- CWE-79
- Hype score
- Not currently trending
Microsoft’s latest Patch Tuesday updates resolve an actively exploited Exchange Server vulnerability tracked as CVE-2026-42897. https://t.co/n0MxtEsRUm
@blackwired32799
13 Jun 2026
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-42897 2 - CVE-2026-2005 3 - CVE-2020-25728 4 - CVE-2026-8936 5 - CVE-2026-3910 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
12 Jun 2026
100 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Open an email in Exchange OWA and attacker JS runs in your session - no login, no patch for weeks. CVE-2026-42897 is live. https://t.co/mBTm3xyEBP #ThreatIntel #CVE https://t.co/wvlYeimExX
@threadlinqs
11 Jun 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-8088 2 - CVE-2026-49980 3 - CVE-2025-49604 4 - CVE-2026-42897 5 - CVE-2026-8054 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
11 Jun 2026
85 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
実悪用中のExchange-Serverのゼロデイ脆弱性CVE-2026-42897について、Microsoftが恒久的な修正パッチを公開しました。5月に暫定的な緩和策のみの段階で取り上げた脆弱性の続報です。細工メールをOutlook-Web-Access(OWA)
@MalwareBibleJP
10 Jun 2026
1010 Impressions
1 Retweet
10 Likes
2 Bookmarks
0 Replies
0 Quotes
Microsoft June 2026 Patch Tuesday is live. Exchange CVE-2026-42897 (CVSS 8.1, actively exploited OWA spoofing): permanent patch replaces the EMES temporary mitigation. SharePoint CVE-2026-45659 (CVSS 8.8 RCE) also drops today. Secure Boot legacy UEFI certs expire June 24.
@XavierRiveraX
9 Jun 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2026 POC REPORT CVE-2026-41089 WinNetlogon RCE PoC: https://t.co/22dqVfDXKx CVE-2026-31431 K8s Escape PoC: https://t.co/hecVZZEAFH CVE-2026-3854 GitHub RCE PoC: https://t.co/U0pmzvzvs6 CVE-2026-42897 Exchange XSS src: https://t.co/GKt5HlN8Gf
@AlikBurton
5 Jun 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ثغـ..رة CVE-2026-42897 في Microsoft Exchange Server: استغلال عبر رسائل بريد مصممة التفاصيل ... https://t.co/DwKiurWtJI #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/4kQYqCVOcZ
@ccforrs
30 May 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1.🧵CVE-2026-42897 actively exploited in on-prem Exchange. One crafted email → OWA → attacker's JS runs in your browser. CISA deadline: today. #Exchange #CVE #BlueTeam https://t.co/XaBrPlBxJw
@Nu11Sector
29 May 2026
61 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
(1/2) Microsoft Exchange has an actively exploited zero-day — CVE-2026-42897 — with no permanent patch. Next Patch Tuesday isn't until June 10. This CVE affects Exchange 2016, 2019, and SE. It's serious enough that the CISA deadline for federal agencies to take action is http
@Osec__
28 May 2026
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-49113 2 - CVE-2026-26980 3 - CVE-2026-31635 4 - CVE-2026-34908 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 May 2026
154 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2026-42897: CISA advierte #hackeo masivo activo en #Microsoft Exchange #Server (OWA) (+MITIGACIÓN) https://t.co/fozBcOVUFQ
@newstecnicas
24 May 2026
61 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting vulnerability https://t.co/ynMEMU9hkN https://t.co/1YvnrhQQHO
@scandaletti
24 May 2026
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-9082 2 - CVE-2026-9256 3 - CVE-2026-44578 4 - CVE-2026-42897 5 - CVE-2024-23265 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
24 May 2026
133 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2026-42897 | CVSS 8.1 ثغرة XSS في Microsoft Exchange Server تُستغلَل في هجمات فعلية. تؤثّر على Exchange 2016 و 2019 وSubscription Edition وتُمكّن اختراق Outlook Web Access. Microsoft أصدرت mitigation مؤقتة ريث
@KasperskyDev
23 May 2026
116 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Critical vulns: Microsoft Exchange zero-day (CVE-2026-42897) allows mailbox compromise. AI-gen 2FA bypass & new Azure/Entra ID (CVE-2026-42901) flaws threaten data privacy/integrity. Patch DNS! #Cybersecurity #ZeroDay #News
@YourAnon_irc
23 May 2026
83 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical Windows DNS Client RCE (CVE-2026-41096) and an actively exploited Exchange Server zero-day (CVE-2026-42897) threaten data privacy/integrity in transit. Patch urgently. #Cybersecurity #Vulnerabilities #News
@YourAnon_irc
21 May 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Alert: Active Exploitation of Microsoft Exchange Server Vulnerability CVE-2026-42897 https://t.co/1gTV2akCwX
@Rw_csirt
20 May 2026
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2026-42897 في Exchange Server يُستغل فعلياً بدون patch. ثغرة XSS في OWA تتيح لمهاجم تشغيل JavaScript في متصفح الضحية عبر بريد مُعدّ. المتأثر: Exchange SE/2016/2019. CVSS 8.1 High. الحل المؤ
@KasperskyDev
20 May 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
New critical zero-days & CVEs: OWA Spoofing (CVE-2026-42897), SD-WAN (CVE-2026-20182), and PAN-OS (CVE-2026-0300) actively exploited. Threatens data privacy & integrity in transit. #Cybersecurity #ZeroDay #News
@YourAnon_irc
20 May 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-42897. 0day Intel: Microsoft just confirmed CVE-2026-42897 is being actively exploited in the wild.
@lyrie_ai
20 May 2026
52 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
CVE-2026-42897: 👇 One crafted email. Open it in OWA. Arbitrary JavaScript runs in your browser. That’s CVE-2026-42897 — actively exploited now. Hits every update level of on-prem Exchange 2016/2019/SE (Online safe). CISA added to KEV — feds must mitigate by May 29.…
@lyrie_ai
20 May 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
⚠️ Vulnerabilidades en productos Microsoft ❗ CVE-2026-42897 ❗ CVE-2026-41615 ➡️ Más info: https://t.co/lbAhqD4eYj https://t.co/D99tEQdWTa
@CERTpy
19 May 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two critical zero-days need your attention today. Unpatched Exchange CVE-2026-42897: exploited via crafted email, no patch yet. Cisco SD-WAN CVE-2026-20182 (CVSS 10.0): max-severity auth bypass, CISA 3-day federal deadline. Both active in the wild now. https://t.co/F0vOZsc5S2 htt
@OpenVPN
19 May 2026
105 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
받은 편지함에서 시작된 Exchange 제로데이 CVE-2026-42897, OWA 세션을 노린다 https://t.co/j8LnBsG7Gz #Security #Vulnerability #CVE #Microsoft #exchange #OWA #EEMS #EOMT #0day #Session #TheTechEdge #TTE #더테크엣지 #보안
@techedge_tte
18 May 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Addressing Exchange Server May 2026 vulnerability CVE-2026-42897 On May 14, 2026, Microsoft disclosed CVE-2026-42897, a reported vulnerability affecting Exchange Outlook Web Access (OWA). https://t.co/G7hxscp0GF https://t.co/rvG2VpuwAZ
@OvidiuPismac
18 May 2026
97 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For defenders, cve-2026-42897 makes on-prem exchange an immediate mitigation p… should move fast. CVE-2026-42897 is an actively exploited Microsoft Exchange OWA zero-day that forces defende… 🔗 Details → https://t.co/dJKgkJR7NX
@SocXAInvaders
18 May 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
vendor dropped CVE-2026-42897. unauth RCE, CVSS high, actively exploited in the wild. if you run the affected stack, block external access to the affected endpoint until patched. #0day #RCE #CVE-2026-42897 https://t.co/s6kj35afGQ
@trerbbb
18 May 2026
117 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Legacy exposure keeps paying off for attackers. CVE-2026-42897 makes on-prem Exchange an immediate mitiga… CVE-2026-42897 is an actively exploited Microsoft Exchange OWA zero-day that forces defende… 🔗 Read → https://t.co/mclcDPfFPT
@fynn_JourX
18 May 2026
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Exchange Serverのゼロデイが攻撃に悪用される マイクロソフトが警告(CVE-2026-42897) ⚠️NGINXの脆弱性、公開直後に悪用されていることが明らかに(CVE-2026-42945) 〜サイバーセキュリティ週末の話題〜 https://t
@MachinaRecord
18 May 2026
210 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 CVE-2026-42897 makes on-prem Exchange an immediate mitigation priority CVE-2026-42897 is an actively exploited Microsoft Exchange OWA zero-day that forces defende… 🔗 Details → https://t.co/6fwQEzoDnk
@lucasverdan
18 May 2026
78 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Cisco SD-WAN (CVE-2026-20182) and Exchange Server (CVE-2026-42897) are actively exploited in the wild! Discover the top threats you must patch now. #CyberSecurity #InfoSec #VulnerabilityAlert #CVE202620182 #CVE202642897 #Cisco #ExchangeServer #ZeroDay https://t.co/sHCEyUdZVd htt
@the_yellow_fall
18 May 2026
428 Impressions
1 Retweet
2 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2026-42897. 0day Intel: Microsoft disclosed CVE-2026-42897 an actively exploited vuln in Exchange Outloo
@lyrie_ai
18 May 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
オンプレミスのMicrosoft Exchange Serverの脆弱性CVE-2026-42897が、細工されたメールを介して悪用される On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email #HackerNews (May 15) https://t.co/XzIcy2eTic
@foxbook
18 May 2026
283 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
【オンプレミスExchangeのCVE-2026-42897が実悪用】 オンプレミスMicrosoft Exchange Serverに影響するCVE-2026-42897が、実際の攻撃で悪用されています。 細工されたメールをユーザーがOWAで開くことで、条件次第ではブラウ
@01ra66it
17 May 2026
321 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical exploits (May 16): Exchange (CVE-2026-42897), SD-WAN (CVE-2026-20182) & DNS (CVE-2026-41096) severely threaten data privacy/integrity in transit. NGINX QUIC/SSL flaws deepen risks. #Cybersecurity #Vulnerabilities #News
@YourAnon_irc
17 May 2026
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email - The Hacker News https://t.co/CqyDeLCC8Y via @GoogleNews #CyberSecurity #Microsoft #Exchange #Exploited #CraftedEmail
@PHD2468
17 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A Crafted Email, a Browser Session, a Zero-Day: CVE-2026-42897 Hits Exchange by: Enigma Global Intelligence Team read now on: https://t.co/egdHsFcEFp
@EnigmaGlobalSW
17 May 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-42897 : XSS dans OWA, exécution JavaScript arbitraire par simple ouverture d'un email piégé. Exchange 2016, 2019 et SE on-premises touchés. Exchange Online épargné. EM Service applique la mitigation automatiquement. Sinon, EOMT.ps1 en mode manuel. Effets de bord :
@doctorkloud
17 May 2026
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2026-42945 2 - CVE-2026-46333 3 - CVE-2020-17103 4 - CVE-2026-41089 5 - CVE-2026-42897 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
17 May 2026
116 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email https://t.co/vxoVRVoRU4
@PVynckier
17 May 2026
116 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
New zero-days hit Microsoft Exchange (XSS/spoofing, CVE-2026-42897) & Windows DNS Client (RCE, CVE-2026-41096), plus Exim MTA (RCE, CVE-2026-45185). Critical for data privacy & integrity in transit. Patch ASAP! #Cybersecurity #InfoSec #Vulnerabilities
@YourAnon_irc
17 May 2026
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Exchange Zero-Day CVE-2026-42897 aktiv ausgenutzt. Experten empfehlen Isolierung hinter Zero-Trust-Gateway. On-Premises Exchange bleibt Hauptziel. #ZeroTrust #MicrosoftExchange #CVE https://t.co/33HA4Vrfvp
@wall_your_x
17 May 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-42897: XSS di Microsoft Exchange OWA yang Berujung Session Hijacking dan Spoofing Internal. #microsoft #server #cve #exchange https://t.co/9tPsao4SMn
@SavaBenediktus
17 May 2026
64 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 MICROSOFT EXCHANGE ZERO-DAY. ACTIVE EXPLOITATION. THIS IS WHY $ICP MATTERS ♾️ Microsoft has confirmed CVE-2026-42897, a Microsoft Exchange Server zero-day vulnerability. CISA has added it to the Known Exploited Vulnerabilities Catalog, meaning active exploitation has b
@ICPLEGEND1966
17 May 2026
104 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-Day Alert: #CVE-2026-42897 Turns Exchange Servers Into Silent Cyber Weapons—No Patch in Sight + Video https://t.co/COSsn54vW6 Educational Purposes!
@UndercodeUpdate
17 May 2026
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Explotan vulnerabilidad CVE-2026-42897 en Microsoft Exchange Server local mediante correos manipulados Microsoft ha detectado una vulnerabilidad de spoofing y cross-site scripting (CVE-2026-42897) que afecta a versiones locales de Exchange https://t.co/3FieT5X3zK
@elhackernet
16 May 2026
2820 Impressions
10 Retweets
36 Likes
12 Bookmarks
1 Reply
0 Quotes
Critical alert: CVE-2026-42897 in Microsoft Exchange Server is under active exploitation. Ensure your systems are protected by applying the latest mitigations. Link: https://t.co/ENI8cvJWPi #CyberSecurity #Microsoft #Exchange #Server #CVE #Vulnerability #Exploit #Exploitation htt
@dailytechonx
16 May 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Daily Cyber Threat Summary: Critical Cisco SD-WAN Bug Exploited in Z... https://t.co/zB35wkyt7W CVE-2026-42897: Microsoft confirms activ... https://t.co/ZB9FoIKpVw #CyberSecurity
@vulpsec
16 May 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Unpopular opinion: Patching CVE-2026-42897 won't save your CMMC assessment. 🧵 Thread 👇 https://t.co/gaWjzNUeGd
@CloudTechForce
16 May 2026
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "C43B55C8-566A-45EE-9E3C-0D270A632803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:-:*:*:*:*:*:*",
"matchCriteriaId": "8039FBA1-73D4-4FF2-B183-0DCC961CBFF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "56728785-188C-470A-9692-E6C7235109CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "63E362CB-CF75-4B7E-A4B1-D6D84AFCBB68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "9BE04790-85A2-4078-88CE-1787BC5172E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "CCF101BE-27FD-4E2D-A694-C606BD3D1ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "4DF5BDB5-205D-4B64-A49A-0152AFCF4A13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_14:*:*:*:*:*:*",
"matchCriteriaId": "55284CF7-0D04-4216-83FE-4B1F9CA94207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_15:*:*:*:*:*:*",
"matchCriteriaId": "CA2CE223-AA49-49E6-AC32-59270EFF55AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_16:*:*:*:*:*:*",
"matchCriteriaId": "4830D6A9-AF74-480C-8F69-8648CD619980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_17:*:*:*:*:*:*",
"matchCriteriaId": "079E1E3F-FF25-4B0D-AC98-191D6455A014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_18:*:*:*:*:*:*",
"matchCriteriaId": "29805EC7-6403-44B9-91EC-109C087E98EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_19:*:*:*:*:*:*",
"matchCriteriaId": "28FCA0E8-7D27-4746-9731-91B834CA3E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "996163E7-6F3F-4D3B-AEA4-62A7F7E1F54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_20:*:*:*:*:*:*",
"matchCriteriaId": "19C1EE0C-B8DD-4B91-BE4B-1C42D72FB718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_21:*:*:*:*:*:*",
"matchCriteriaId": "3BE427A4-B0C2-4064-8234-29426325C348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_22:*:*:*:*:*:*",
"matchCriteriaId": "449CE85B-E599-44D3-A7C1-5133F6A55E86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_23:*:*:*:*:*:*",
"matchCriteriaId": "FF76AEDA-E574-40ED-B64F-8FDEF8CAC802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "FE401B0A-DDE4-4A36-8E27-6DB14E094BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_4:*:*:*:*:*:*",
"matchCriteriaId": "450319C4-7C8F-43B7-B7F8-80DA4F1F2817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "23015889-48AF-40A5-862F-290E73A54E77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "4FC34516-D7E7-4AD9-9B45-5474831548E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "5211792E-5292-41C0-B7E9-8AA63EC606EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "075E907F-AF2F-4C31-86C7-51972BE412A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2016:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "69AF19DC-3D65-49A8-A85F-511085CDF27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "40D8A6DB-9225-4A3F-AD76-192F6CCCF002",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_1:*:*:*:*:*:*",
"matchCriteriaId": "051DE6C4-7456-4C42-BC51-253208AADB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_10:*:*:*:*:*:*",
"matchCriteriaId": "B4185347-EEDD-4239-9AB3-410E2EC89D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_11:*:*:*:*:*:*",
"matchCriteriaId": "435343A4-BF10-461A-ABF2-D511A5FBDA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_12:*:*:*:*:*:*",
"matchCriteriaId": "B23C8E3E-5243-4DA6-B9AA-F6053084B55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_13:*:*:*:*:*:*",
"matchCriteriaId": "583745C7-B802-4CBE-BD88-B5B9AF9B5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_14:*:*:*:*:*:*",
"matchCriteriaId": "8C98993B-82A5-48CC-947F-896CEA0CDB7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_2:*:*:*:*:*:*",
"matchCriteriaId": "EE320413-D2C9-4B28-89BF-361B44A3F0FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_3:*:*:*:*:*:*",
"matchCriteriaId": "104F96DC-E280-4E0A-8586-B043B55888C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_4:*:*:*:*:*:*",
"matchCriteriaId": "73B3B3FE-7E85-4B86-A983-2C410FFEF4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_5:*:*:*:*:*:*",
"matchCriteriaId": "8A9FB275-7F17-48B2-B528-BE89309D2AF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_6:*:*:*:*:*:*",
"matchCriteriaId": "D4AB3C25-CEA8-4D66-AEE4-953C8B17911A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_7:*:*:*:*:*:*",
"matchCriteriaId": "36CE5C6D-9A04-41F5-AE7C-265779833649",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_8:*:*:*:*:*:*",
"matchCriteriaId": "44ECF39A-1DE1-4870-A494-06A53494338D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:exchange_server:2019:cumulative_update_9:*:*:*:*:*:*",
"matchCriteriaId": "71CDF29B-116B-4DE2-AFD0-B62477FF0AEB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]