Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 18 of 18
Microsoft | Exchange Server

CVE-2021-31196

Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-21
  • Due Date: 2024-09-11
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196; https://nvd.nist.gov/vuln/detail/CVE-2021-31196
Microsoft | Exchange Server

CVE-2024-21410

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-15
  • Due Date: 2024-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410
Microsoft | Exchange Server

CVE-2022-41080

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-01-10
  • Due Date: 2023-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080; https://nvd.nist.gov/vuln/detail/CVE-2022-41080
Microsoft | Exchange Server

CVE-2022-41040

Microsoft Exchange Server Server-Side Request Forgery Vulnerability: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41040
Microsoft | Exchange Server

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082
Microsoft | Malware Protection Engine

CVE-2017-8540

Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Microsoft | Exchange Server

CVE-2018-8581

Microsoft Exchange Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8581
Microsoft | Exchange Server

CVE-2021-33766

Microsoft Exchange Server Information Disclosure: Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-18
  • Due Date: 2022-02-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-33766
Microsoft | Exchange

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Related CWEs: CWE-184| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-17
  • Due Date: 2021-12-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-42321
Microsoft | Exchange Server

CVE-2020-17144

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-17144
Microsoft | Exchange Server

CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26857
Microsoft | Exchange Server

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-39

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065
Microsoft | Exchange Server

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858
Microsoft | Exchange Server

CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26855
Microsoft | Exchange Server

CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Related CWEs: CWE-20| CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31207
Microsoft | Exchange Server

CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
Microsoft | Exchange Server

CVE-2020-0688

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0688
Microsoft | Exchange Server

CVE-2021-34523

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34523

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now