ProxyNotShell SSRF — entry point for the two-CVE Exchange RCE chain. Apply November 2022 patches. Enable Extended Protection for Authentication (EPA) as official mitigation before patching. Disable PowerShell Remoting on Exchange if exploitation is a concern.
Microsoft Exchange Server Server-Side Request Forgery (SSRF) Vulnerability. ProxyNotShell entry point allowing authenticated users to trigger SSRF then chain with CVE-2022-41082.
Exploit-DB.ai delivers real-time AI-triaged zero-day alerts directly to your inbox.
Activate Supernova →