Vulnerability in Microsoft Exchange Server 2016

CVE-2019-1266

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.

EPSS: 0.004 (59.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Exchange Server 2016 — versions Cumulative Update 12, Cumulative Update 13
Microsoft Exchange Server 2019 — versions Cumulative Update 1, Cumulative Update 2

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1266 (x_refsource_MISC)