<< Back
CVE Number Vulnerability Product Severity Date
CVE-2024-49040 Microsoft Exchange Server Spoofing Vulnerability Microsoft Exchange Server Important 28-11-2024

Technical Information

Due to improper verification of the P2 FROM header during email transport, the attacker may be permitted to pass non-RFC 5322 compliant headers, allowing to forge sender addresses and be displayed as legitimate by email clients potentially making malicious messages appear trustworthy.

Patch release date: Nov 12, 2024
Further information on this vulnerability is available at : CVE-2024-49040

Affected Software

Microsoft Exchange Server 2019 Cumulative Update 13,
Microsoft Exchange Server 2019 Cumulative Update 14,
Microsoft Exchange Server 2016 Cumulative Update 23
Notification
Powerd By Webengage