CVE-2022-21980: 
vulnerability analysis and mitigation

Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2022-21980) was disclosed and published on August 9, 2022. This vulnerability affects multiple versions of Microsoft Exchange Server, including Exchange Server 2013 Cumulative Update 23, Exchange Server 2016 Cumulative Updates 22 and 23, and Exchange Server 2019 Cumulative Updates 11 and 12 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.0 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires user interaction, and can result in high impacts to confidentiality, integrity, and availability (NVD).

If successfully exploited, this vulnerability could allow an attacker to gain elevated privileges on the affected Microsoft Exchange Server systems, potentially compromising the confidentiality, integrity, and availability of the server (Microsoft Security).

Microsoft has released security updates to address this vulnerability. The fixes are available through various cumulative updates for affected Exchange Server versions. Organizations running affected versions of Exchange Server should apply the appropriate security updates (Microsoft Security).