CVE-2014-6319

Microsoft Exchange Server - Info Disclosure

Title source: llm
STIX 2.1

Description

Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.0970
EPSS Percentile 94.9%

Details

CWE
CWE-284
Status published
Products (3)
microsoft/exchange_server 2007 sp3
microsoft/exchange_server 2010 sp3
microsoft/exchange_server 2013 cumulative_update_6 (2 CPE variants)
Published Dec 11, 2014
Tracked Since Feb 18, 2026