CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
CVE-2024-49040 | Microsoft Exchange Server Spoofing Vulnerability | Microsoft Exchange Server | Important | 28-11-2024 |
Technical Information
Due to improper verification of the P2 FROM header during email transport, the attacker may be permitted to pass non-RFC 5322 compliant headers, allowing to forge sender addresses and be displayed as legitimate by email clients potentially making malicious messages appear trustworthy.
Patch release date: Nov 12, 2024
Further information on this vulnerability is available at : CVE-2024-49040
Affected Software
Microsoft Exchange Server 2019 Cumulative Update 13,Microsoft Exchange Server 2019 Cumulative Update 14,
Microsoft Exchange Server 2016 Cumulative Update 23