CVE-2014-6319

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2007 SP3 through 2013 SP1 and Cumulative Update 6

Description A token spoofing issue exists due to the improper validation of tokens in requests by the Outlook Web App (OWA) in Microsoft Exchange Server. This allows remote attackers to spoof the origin of email messages, potentially sending emails that appear to come from a trusted source rather than the actual sender.

Recommendations For Microsoft Exchange Server 2007 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2013 SP1 and Cumulative Update 6, update to a version that includes the fix for this issue.