What is CVE-2022-21846?

CVE-2022-21846 is a remote code execution vulnerability in Microsoft Exchange Server.

How severe is CVE-2022-21846?

CVE-2022-21846 is classified as critical with a severity value of 9.

Which versions of Microsoft Exchange Server are affected by CVE-2022-21846?

The versions of Microsoft Exchange Server affected by CVE-2022-21846 are 2013 cumulative update 23, 2016 cumulative update 21 and 22, and 2019 cumulative update 10 and 11.

How can I fix CVE-2022-21846?

To fix CVE-2022-21846, you should apply the relevant security updates provided by Microsoft.

Where can I find more information about CVE-2022-21846?

You can find more information about CVE-2022-21846 on the official Microsoft Security Guidance Advisory page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846

Vulnerability/
CVE-2022-21846

critical

11/1/2022

14/11/2024

CVE-2022-21846: Microsoft Exchange Server Remote Code Execution Vulnerability

First published: Tue Jan 11 2022(Updated: )

Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21855, CVE-2022-21969.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2013-cumulative_update_23
Microsoft Exchange Server	=2016-cumulative_update_21
Microsoft Exchange Server	=2016-cumulative_update_22
Microsoft Exchange Server	=2019-cumulative_update_10
Microsoft Exchange Server	=2019-cumulative_update_11
Microsoft Exchange Server 2019	=11	fix available externally
Microsoft Exchange Server 2016	=21	fix available externally
Microsoft Exchange Server 2019	=10	fix available externally
Microsoft Exchange Server 2016	=22	fix available externally
Microsoft Exchange Server 2013	=23	fix available externally

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-21846?
CVE-2022-21846 is a remote code execution vulnerability in Microsoft Exchange Server.
How severe is CVE-2022-21846?
CVE-2022-21846 is classified as critical with a severity value of 9.
Which versions of Microsoft Exchange Server are affected by CVE-2022-21846?
The versions of Microsoft Exchange Server affected by CVE-2022-21846 are 2013 cumulative update 23, 2016 cumulative update 21 and 22, and 2019 cumulative update 10 and 11.
How can I fix CVE-2022-21846?
To fix CVE-2022-21846, you should apply the relevant security updates provided by Microsoft.
Where can I find more information about CVE-2022-21846?
You can find more information about CVE-2022-21846 on the official Microsoft Security Guidance Advisory page: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846

agent/author
agent/type
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
agent/title
agent/remedy
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/severity
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/event
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2013-cumulative_update_23
version/microsoft exchange server/2016-cumulative_update_21
version/microsoft exchange server/2016-cumulative_update_22
version/microsoft exchange server/2019-cumulative_update_10
version/microsoft exchange server/2019-cumulative_update_11
canonical/microsoft exchange server 2019
version/microsoft exchange server 2019/11
canonical/microsoft exchange server 2016
version/microsoft exchange server 2016/21
version/microsoft exchange server 2019/10
version/microsoft exchange server 2016/22
canonical/microsoft exchange server 2013
version/microsoft exchange server 2013/23