CVE-2024-49040
PUBLISHED
CVSS 8.7 HIGH
There is a vulnerability in Microsoft Exchange Server. It exists because of a problem in the verification of the P2 FROM header during mail transport. A remote, anonymous attacker can exploit this vulnerability so that clients display a spoofed sender as if it were legitimate.
EPSS 5.39% · 90.3th percentile
Risk Scores
CVSS 4.0
8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
5.39%
90.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Mozilla Thunderbird ESR <128.7 | |
| Amazon | Amazon Linux 2 | |
| Ubuntu | Ubuntu Linux | |
| Debian | Debian Linux | |
| RESF | RESF Rocky Linux | |
| SUSE | SUSE openSUSE | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 14 | |
| Oracle | Oracle Linux | |
| Microsoft | Microsoft Exchange Server 2019 Cumulative Update 13 | |
| Mozilla | Mozilla Thunderbird <135 | |
| SUSE | SUSE Linux | |
| Xerox | Xerox FreeFlow Print Server 9 | |
| Microsoft | Microsoft Exchange Server 2016 Cumulative Update 23 | |
| Mozilla | Mozilla Firefox ESR <128.7 | |
| Red Hat | Red Hat Enterprise Linux | |
| Gentoo | Gentoo Linux | |
| IGEL | IGEL OS | |
| Mozilla | Mozilla Firefox ESR <115.20 | |
| Mozilla | Mozilla Firefox <135 | |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- Invoke-AnalyzerSecurityCveCheck.ps1 (github-poc)
Timeline
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Published
- Nov 13, 2024 EPSS Score
- Nov 13, 2024 Coalition ESS Score
- Nov 16, 2024 Coalition ESS Score
- Dec 2, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Feb 28, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Apr 4, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3413.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3413 advisory
- https://msrc.microsoft.com/update-guide/ advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0262.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0262 advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-07/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-08/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-09/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-10/ advisory
- https://www.mozilla.org/en-US/security/advisories/mfsa2025-11/ advisory
- https://access.redhat.com/errata/RHSA-2025:1066 advisory
- https://linux.oracle.com/errata/ELSA-2025-1066.html advisory
- https://lists.debian.org/debian-security-announce/2025/msg00020.html advisory
- https://access.redhat.com/errata/RHSA-2025:1135 advisory
- https://access.redhat.com/errata/RHSA-2025:1136 advisory
- https://access.redhat.com/errata/RHSA-2025:1137 advisory
- https://access.redhat.com/errata/RHSA-2025:1138 advisory
- https://access.redhat.com/errata/RHSA-2025:1132 advisory
- https://access.redhat.com/errata/RHSA-2025:1133 advisory
- https://access.redhat.com/errata/RHSA-2025:1139 advisory
…and 36 more