CVE-2022-41040

Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. Vendor/Product: Microsoft Exchange Server. Added to CISA KEV 2022-09-30; required action: Apply updates per vendor instructions.