For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

CVE-2021-26855 (SSRF) HAFNIUM APT Group Exploiting Microsoft Exchange Vulnerabilities

Recently, Microsoft has issued an out of band patch that aims to mitigate seven Remote Code Execution vulnerabilities in Microsoft Exchange. Microsoft Threat Intelligence Center (MSTIC) has observed ...

Published Mar 04, 2021

Version 1.0

Employee

Joined June 20, 2019

View Profile

Gal_Goldshtein

Employee

Joined June 20, 2019

View Profile

xaxe

Altostratus

Mar 10, 2021

Hi,

We're running Exchange (OWA) behind an F5 using the Exchange 2016 IAPP which presents the F5 forms based logon before even displaying the Exchange/OWA logon screen.

We are scrambling to patch the server, however are we protected by us being behind the IAPP/F5?

CVE-2021-26855 (SSRF) HAFNIUM APT Group Exploiting Microsoft Exchange Vulnerabilities

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS