Hello,
there is a C195 with OS 14.2.3-031 (not sure since when this version is installed)
and around 30-80 Users receive a
Spam Quarantine Notification
with unfamilar url (linked to OWA phishing) at button:
View Quarantine
Release
(it arrived from a external unfamilar SMTP Server)
Inside the report: it contained a sender and a reference line which is real business-case
ESA doens´t marked it as dangerous and transported it to end-user.
The Destination URL was linked to a unfamilar Website asking for OWA credentials.
Question: Did you ever heard of such problem, do you think that this is in connection with CVE ?