CVE-2022-24463
Published: 09 March 2022
Summary
CVE-2022-24463 is a medium-severity vulnerability with an unspecified weakness type in Microsoft Exchange Server. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 6.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Microsoft Exchange Server contains a spoofing vulnerability tracked as CVE-2022-24463. The flaw affects the server component and carries a CVSS 3.1 score of 6.5, reflecting network attack vector, low complexity, and low privileges required to impact confidentiality.
An authenticated attacker with low privileges can send specially crafted requests over the network to spoof identity or access restricted data, resulting in high confidentiality exposure without affecting integrity or availability.
Microsoft has published patches and guidance through its Security Response Center to address the issue. The EPSS score for this CVE reached a peak of 0.2125 after disclosure before settling at the current value of 0.1177, indicating a measurable increase in observed exploitation interest following public release.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-29345
Vulnerability details
Microsoft Exchange Server Spoofing Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.