
Tag

#Microsoft Exchange Server

CVE-2025-64666: Microsoft Exchange Server Elevation of Privilege Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Microsoft Security Response Center
CVE-2025-64667: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker could spoof an incorrect **5322.From** email address that is displayed to a user.

CVE-2025-59248: Microsoft Exchange Server Spoofing Vulnerability

Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-53782: Microsoft Exchange Server Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

CVE-2025-25007: Microsoft Exchange Server Spoofing Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to no loss of confidentiality (C:N), some loss of integrity (I:L) but have no effect on availability (A:N). What is the impact of this vulnerability?** An attacker could spoof an incorrect **5322.From** email address that is displayed to a user.

CVE-2025-25006: Microsoft Exchange Server Spoofing Vulnerability

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2025-25005: Microsoft Exchange Server Tampering Vulnerability

Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

CVE-2025-33051: Microsoft Exchange Server Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Microsoft Exchange Server allows an unauthorized attacker to disclose information over a network.

CVE-2025-53786: Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited the vulnerability within the organization’s cloud environment?** In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving an easily detectable and auditable trace. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations.