Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-41082
PUBLISHED
More InfoOfficial Page
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
View Known Exploited Vulnerability (KEV) details
Published At-03 Oct, 2022 | 00:00
Updated At-21 Oct, 2025 | 23:15
Rejected At-
▼CVE Numbering Authority (CNA)
Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2013 Cumulative Update 23
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.00.0 before 15.00.1497.044 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 22
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.0 before 15.01.2375.037 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 11
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.0986.036 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2019 Cumulative Update 12
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.02.0 before 15.02.1118.020 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Exchange Server 2016 Cumulative Update 23
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.01.0 before 15.01.2507.016 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.18.0HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Version: 3.1
Base score: 8.0
Base severity: HIGH
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41082
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script
N/A
https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script
N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
x_transferred
https://www.kb.cert.org/vuls/id/915563
third-party-advisory
x_transferred
http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
x_transferred
https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
x_transferred
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-detection-script
Resource: N/A
Hyperlink: https://www.vicarius.io/vsociety/posts/cve-2022-41082-microsoft-exchange-server-remote-code-execution-vulnerability-mitigation-script
Resource: N/A
Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41082
Resource:
x_transferred
Hyperlink: https://www.kb.cert.org/vuls/id/915563
Resource:
third-party-advisory
x_transferred
Hyperlink: http://packetstormsecurity.com/files/170066/Microsoft-Exchange-ProxyNotShell-Remote-Code-Execution.html
Resource:
x_transferred
Hyperlink: https://www.secpod.com/blog/microsoft-november-2022-patch-tuesday-patches-65-vulnerabilities-including-6-zero-days/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2022-09-30
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2022-41082 added to CISA KEV2022-09-30 00:00:00
Event: CVE-2022-41082 added to CISA KEV
Date: 2022-09-30 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-41082
Resource:
government-resource
Details not found