CVE-2020-0688 | VulnIntel — VulnIntel

CVE-2020-0688

HIGH

KEV

KISA

Ransomware

설명

A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.

Score Summary

CVSS Score: 8.8
Version: 3.1
Risk Score: 9.40
Attack Vector: Network
Low Complexity
Low Privileges
No User Interaction
Scope Unchanged
High Confidentiality Impact
High Integrity Impact
High Availability Impact

Details

Published: 02/11/2020(6 years ago)
Modified: 10/29/2025(7 months ago)
Source: KEV, NVD, KISA
Products: 1

CISA KEV Listing

Ransomware

Vendor / Project: Microsoft
Product: Exchange Server

Date Added: 11/03/2021
Due Date: 05/03/2022Overdue 1499d

Required Action

Apply updates per vendor instructions.

Listed in KISA bulletin

This CVE is referenced in a KISA security bulletin (Korean only).

Bulletin ID: 35609
Published: 2020-09-10

boho.or.kr

Vulnerability Lifecycle

NVDPublished02/11/2020
KISAKISA Listed02/11/2020
CISA KEV

Score Comparison by Source

Source	CVSS Version	Base Score	Severity	Vector String	Assessment Date
NVDNIST	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	04/20/2026
NVDNIST	2.0	9.0

CWE Weakness Classification

CWE-287
NVD
Secondary

References (7)

Affected Products (1)