Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka “Microsoft Exchange Spoofing Vulnerability”.
[
{
"product": "Microsoft Exchange Server",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5"
}
]
}
]