ZDI-23-1579: (0Day) Microsoft Exchange DownloadDataFromUri Server-Side Request Forgery Information Disclosure Vulnerability

Nov. 2, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1.

0day attackers authentication cvss disclosure exchange exploit forgery information information disclosure information disclosure vulnerability microsoft microsoft exchange rating request sensitive sensitive information server server-side request forgery vulnerability zdi

Visit resource

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2 days, 11 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

SAP Security Administrator

@ FARO Technologies | Americas-US-Lake Mary-125 Bldg

View on infosec-jobs.com

Cloud Security Engineer, Specialist

@ Vanguard | Malvern, PA

View on infosec-jobs.com

Cybersecurity Assessment and Authorization Specialist

@ Booz Allen Hamilton | USA, MD, Bethesda (9000 Rockville Pike)

View on infosec-jobs.com

Network Security Specialist

@ IAG GBS | Madrid, Spain

View on infosec-jobs.com

Information System Security Officer

@ CSEngineering | Nellis Air Force Base, NV, USA

View on infosec-jobs.com

Senior Consultant, Risk and Governance

@ CIBC | Toronto-CC East 11th Floor

View on infosec-jobs.com

View more jobs

all InfoSec news

ZDI-23-1579: (0Day) Microsoft Exchange DownloadDataFromUri Server-Side Request Forgery Information Disclosure Vulnerability

More from www.zerodayinitiative.com / ZDI: Published Advisories

Jobs in InfoSec / Cybersecurity

SAP Security Administrator

Cloud Security Engineer, Specialist

Cybersecurity Assessment and Authorization Specialist

Network Security Specialist

Information System Security Officer

Senior Consultant, Risk and Governance