What is CVE-2022-21980?

CVE-2022-21980 is a vulnerability in Microsoft Exchange Server that allows an attacker to elevate their privileges.

How severe is CVE-2022-21980?

CVE-2022-21980 is classified as a critical vulnerability with a severity value of 8 out of 10.

Which versions of Microsoft Exchange Server are affected by CVE-2022-21980?

Microsoft Exchange Server 2016 versions 22 and 23, Microsoft Exchange Server 2013 version 23, and Microsoft Exchange Server 2019 versions 11 and 12 are affected by CVE-2022-21980.

How can I fix CVE-2022-21980?

To fix CVE-2022-21980, you should apply the relevant patches provided by Microsoft Exchange Server.

Where can I find more information about CVE-2022-21980?

You can find more information about CVE-2022-21980 on the Microsoft Security Response Center website.

Vulnerability/
CVE-2022-21980

high

9/8/2022

3/8/2024

CVE-2022-21980: Microsoft Exchange Server Elevation of Privilege Vulnerability

First published: Tue Aug 09 2022(Updated: )

Microsoft Exchange Server Elevation of Privilege Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Exchange Server	=2019 CU14
Microsoft Exchange Server
Microsoft Exchange Server	=2013-cumulative_update_23
Microsoft Exchange Server	=2016-cumulative_update_22
Microsoft Exchange Server	=2016-cumulative_update_23
Microsoft Exchange Server	=2019-cumulative_update_11
Microsoft Exchange Server	=2019-cumulative_update_12
	=11	fix available externally
	=23	fix available externally
	=22	fix available externally
	=23	fix available externally
	=12	fix available externally

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2022-21980?
CVE-2022-21980 is a vulnerability in Microsoft Exchange Server that allows an attacker to elevate their privileges.
How severe is CVE-2022-21980?
CVE-2022-21980 is classified as a critical vulnerability with a severity value of 8 out of 10.
Which versions of Microsoft Exchange Server are affected by CVE-2022-21980?
Microsoft Exchange Server 2016 versions 22 and 23, Microsoft Exchange Server 2013 version 23, and Microsoft Exchange Server 2019 versions 11 and 12 are affected by CVE-2022-21980.
How can I fix CVE-2022-21980?
To fix CVE-2022-21980, you should apply the relevant patches provided by Microsoft Exchange Server.
Where can I find more information about CVE-2022-21980?
You can find more information about CVE-2022-21980 on the Microsoft Security Response Center website.

agent/type
agent/first-publish-date
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2022-21980
alias/CVE-2022-24477
alias/CVE-2022-24516
alias/CVE-2024-21410
agent/severity
agent/references
agent/title
agent/author
agent/description
agent/news-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
collector/msrc-cve
source/Microsoft
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
vendor/microsoft
canonical/microsoft exchange server
version/microsoft exchange server/2019 cu14
version/microsoft exchange server/2013-cumulative_update_23
version/microsoft exchange server/2016-cumulative_update_22
version/microsoft exchange server/2016-cumulative_update_23
version/microsoft exchange server/2019-cumulative_update_11
version/microsoft exchange server/2019-cumulative_update_12
canonical/microsoft exchange server 2013
version/microsoft exchange server 2013/23
canonical/microsoft exchange server 2019
version/microsoft exchange server 2019/12
version/microsoft exchange server 2019/11
canonical/microsoft exchange server 2016
version/microsoft exchange server 2016/23
version/microsoft exchange server 2016/22