CVE-2017-8621

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions 2010 SP3 through 2016 CU5

Description An open redirect issue exists that could lead to spoofing. An attacker could exploit this by sending a specially crafted URL link, convincing an authenticated user to click it, and then redirecting the user's browser session to a malicious site impersonating a legitimate website. This could potentially allow the attacker to acquire sensitive information, such as the user's credentials.

Recommendations For Microsoft Exchange Server 2010 SP3, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2013 SP3 and CU16, update to a version that includes the fix for this issue. For Microsoft Exchange Server 2016 CU5, update to a version that includes the fix for this issue.