CVE-2019-1266

Description

A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.

Affected products

• Microsoft / Microsoft Exchange Server 2016Cumulative Update 12 – Cumulative Update 12
• Microsoft / Microsoft Exchange Server 2016Cumulative Update 13 – Cumulative Update 13
• Microsoft / Microsoft Exchange Server 2019Cumulative Update 1 – Cumulative Update 1
• Microsoft / Microsoft Exchange Server 2019Cumulative Update 2 – Cumulative Update 2

References

• VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1266