Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2020-16875

A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised. The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.

Published: Sep 11, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-16875
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.4
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:S/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2019-cumulative_update_6	2019-cumulative_update_6.x
microsoft / exchange_server	2019-cumulative_update_5	2019-cumulative_update_5.x
microsoft / exchange_server	2016-cumulative_update_17	2016-cumulative_update_17.x
microsoft / exchange_server	2016-cumulative_update_16	2016-cumulative_update_16.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo