CVE-2021-1730

A spoofing vulnerability exists in Microsoft Exchange Server which could result in an attack that would allow a malicious actor to impersonate the user. This update addresses this vulnerability. To prevent these types of attacks, Microsoft recommends customers to download inline images from different DNSdomains than the rest of OWA. Please see further instructions in the FAQ to put in place this mitigations.

Published: Feb 26, 2021
Updated: Dec 30, 2023
CVE: CVE-2021-1730
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / exchange_server	2019-cumulative_update_7	2019-cumulative_update_7.x
microsoft / exchange_server	2016-cumulative_update_18	2016-cumulative_update_18.x

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730

Vulnerability Database

289,689

CVE-2021-1730