← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-41040 — Actively Exploited: Exchange Server (Microsoft)

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

CVE IDCVE-2022-41040
VendorMicrosoft
ProductExchange Server
Vulnerability nameMicrosoft Exchange Server Server-Side Request Forgery Vulnerability
Date added2022-09-30
Remediation due2022-10-21
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionMicrosoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →