If you’re a BreachSight customer, you can determine whether your organization is exposed by heading to Vulnerabilities under BreachSight and then search by CVE. Some notable Exchange vulnerabilities include CVE-2022-41040, CVE-2022-41082 and CVE-2021-26855. They will appear with subtitles describing the vulnerability.

If you’re a Vendor Risk customer, you can determine whether your vendors are exposed by heading to Portfolio Risk Profile under VENDOR RISK and click Apply filters in the top right corner of your screen. Once the side panel has appeared, use the Filter by CVE ID to search for the relevant CVE. If you don’t know how to filter the Portfolio Risk Profile, please see here.

Your screen will look similar to the example below.

Click on the down arrow to display the vendors who are believed to be running a vulnerable version of Microsoft Exchange. Once identified, we recommend that you use our remediation workflow to work with the identified vendors to apply the security patches immediately. Please see our article on how to request remediation from a vendor.