Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network.