--- GSD JSON ---
{
"vendor_name": "Microsoft",
"product_name": "Exchange Server",
"product_version": "Exchange Server 2019",
"vulnerability_type": "unknown",
"affected_component": "unknown",
"attack_vector": "network",
"impact": "remote code execution is reported",
"credit": "",
"references": [
"https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html",
""
],
"reporter": "kurtseifried",
"reporter_id": 582211,
"notes": "",
"description": "In Microsoft Exchange Server version Exchange Server 2019 and possibly earlier an undisclosed vulnerability exists in an undisclosed component that can be attacked via the network, reportedly resulting in remote code execution. This is also known as ZDI-CAN-18333, and public reports of exploitation are available. There are additional reports that indicate that attackers may be making use of an older, known (and fixed) vulnerability and that these newly exploited systems are not correctly patched and vulnerable to older exploits, however it should be noted that the ZDI reference does exist."
}
--- GSD JSON ---
/cc @kurtseifried