Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2021-33766
PUBLISHED
Microsoft Exchange Server Information Disclosure Vulnerability
- Vendor: Microsoft
- Product: Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 19, Microsoft Exchange Server 2019 Cumulative Update 8
- Published: Jul 14, 2021
- EPSS: —
Description
Microsoft Exchange Server Information Disclosure Vulnerability
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
Exploitation status
Exploited in the wild
Recorded 2022-01-18 00:00:00 UTC · Source
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: partial
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Jan 18, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-33766.yaml | Jun 01, 2026 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2021-09-15 09:09:20 UTC · 10 stars
CVE-2021-33766-poc
github · Created 2021-08-31 22:03:13 UTC · 47 stars
ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Nuclei