Lync Server Security Vulnerabilities and Issues — Lync Server CVE List

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

9.3CVSS7.6AI score0.56445EPSS

CVE•added 2021/05/11 7:15 p.m.•101 views

CVE-2021-26421

Skype for Business and Lync Spoofing Vulnerability

7.1CVSS6.5AI score0.00578EPSS

CVE•added 2019/04/09 3:29 a.m.•96 views

CVE-2019-0798

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

6.1CVSS6.2AI score0.00554EPSS

CVE•added 2021/02/25 11:15 p.m.•85 views

CVE-2021-24073

Skype for Business and Lync Spoofing Vulnerability

7.1CVSS6.4AI score0.00453EPSS

CVE•added 2019/06/12 2:29 p.m.•75 views

CVE-2019-1029

A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.To exploit...

7.1CVSS6AI score0.14394EPSS

CVE•added 2019/09/11 10:15 p.m.•74 views

CVE-2019-1209

An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.

6.5CVSS6.1AI score0.13815EPSS

CVE•added 2015/09/09 12:59 a.m.•56 views

CVE-2015-2536

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."

4.3CVSS5.2AI score0.10443EPSS

CVE•added 2015/09/09 12:59 a.m.•55 views

CVE-2015-2531

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

4.3CVSS5AI score0.15202EPSS

CVE•added 2014/06/11 4:56 a.m.•44 views

CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

4.3CVSS5.5AI score0.2598EPSS

CVE•added 2014/09/10 1:55 a.m.•40 views

CVE-2014-4070

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

4.3CVSS4.9AI score0.18344EPSS

CVE•added 2014/09/10 1:55 a.m.•39 views

CVE-2014-4071

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."

5CVSS6.5AI score0.31146EPSS

CVE•added 2014/09/10 1:55 a.m.•38 views

CVE-2014-4068

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

5CVSS6.5AI score0.31146EPSS

CVE•added 2015/09/09 12:59 a.m.•38 views

CVE-2015-2532

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."

4.3CVSS4.9AI score0.11186EPSS