CVE-2017-11932

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server 2016 versions CU5

Description A spoofing issue exists due to the way Outlook Web Access (OWA) validates web requests. This could allow an attacker to perform script or content injection attacks and attempt to trick the user into disclosing sensitive information. The attacker could also redirect the user to a malicious website that could spoof content or be used to chain an attack with other vulnerabilities in web services.

Recommendations For Microsoft Exchange Server 2016 version CU5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.