lukastribus
commented
3 years ago "Potentially vulnerable" means that this script cannot determine anything (because it's just looking at the version, which is not saying anything). Also see #4
I strongly suggest people use Microsoft's nmap script instead, which does proper detection:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
Line 64 -> 71 Server version is at most 15.0.1497, does this mean that 2013s are still at risk even after the patch? Compare Microsoft: https://docs.microsoft.com/de-de/exchange/new-features/build-numbers-and-release-dates?view=exchserver-2019#exchange-server-2013
Cheers