Lucene search
+L
MicrosoftSkype For Business Server

14 matches found

CVE
CVE
added 2023/10/10 5:7 p.m.457 views

CVE-2023-41763

CVE-2023-41763 refers to an elevation of privilege vulnerability in Microsoft Skype for Business Server. The HackerOne report notes the Skype for Business installation on a remote host was missing security updates and that the flaw was actively exploited, enabling attackers to access some sensiti...

5.3CVSS7.1AI score0.90353EPSS
In wild
CVE
CVE
added 2022/04/15 7:5 p.m.309 views

CVE-2022-26911

Concrete details for CVE-2022-26911 show an information disclosure vulnerability in Microsoft Skype for Business-related servers. Affected products include Skype for Business Server 2019 (CU6), Skype for Business Server 2015 (CU12), and Microsoft Lync Server 2013 (CU10). The root cause is describ...

6.5CVSS6.5AI score0.03301EPSS
CVE
CVE
added 2024/02/13 6:2 p.m.228 views

CVE-2024-20695

Technical details, affected versions, exploit methods, and remediation specifics for CVE-2024-20695 are not provided in the connected documents. Monitor vendor advisories and new public disclosures for updates.

5.7CVSS6.2AI score0.0056EPSS
CVE
CVE
added 2022/04/15 7:5 p.m.200 views

CVE-2022-26910

CVE-2022-26910 is a spoofing vulnerability in Microsoft Skype for Business Server and Microsoft Lync (Lync) that can allow an attacker to spoof the user interface. The connected sources identify the affected products as Skype for Business Server 2019 (CU6) and Skype for Business Server 2015 (CU12...

5.3CVSS5.6AI score0.02251EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.181 views

CVE-2021-26422

CVE-2021-26422 is a Remote Code Execution vulnerability affecting Microsoft Skype for Business Server and Lync Server. The Nessus plugin confirms exploitability and Microsoft MSRC update guidance ties the CVE-2021-26422 to the May 2021 security update KB5003729, addressing vulnerabilities in Skyp...

7.2CVSS7.2AI score0.02219EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.141 views

CVE-2021-24099

CVE-2021-24099 affects Skype for Business Server and Lync Server. The issue is described as insufficient input validation in the Skype for Business Server/Lync Server stack, enabling a remote attacker to cause a denial of service (availability impact HIGH). Microsoft released security updates (KB...

6.5CVSS6.4AI score0.02887EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.126 views

CVE-2023-36780

Technical details about CVE-2023-36780 are not provided in the connected documents or initial description. Public information is limited; monitor for updates from official advisories to determine affected products, impact, and remediation.

7.2CVSS7.3AI score0.02563EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.117 views

CVE-2021-26421

CVE-2021-26421 affects Microsoft Skype for Business Server and Lync Server components (e.g., Skype for Business Server 2015 CU11, Lync Server 2013 CU10, etc.). The vulnerability is described as a spoofing of the user interface in Skype for Business and Lync, allowing an attacker to mimic another ...

7.1CVSS6.5AI score0.01411EPSS
CVE
CVE
added 2019/04/09 2:33 a.m.113 views

CVE-2019-0798

CVE-2019-0798 is a spoofing vulnerability in Skype for Business Server and Lync Server where an attacker could exploit a specially crafted request URL to cause cross-site scripting or UI spoofing. The issue is tied to improper sanitization of crafted inputs in affected servers, enabling an authen...

6.1CVSS6.2AI score0.02084EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.108 views

CVE-2021-24073

CVE-2021-24073 affects Skype for Business Server / Lync (Microsoft Lync Server). Public docs describe a spoofing vulnerability where the user interface can be manipulated to impersonate another user. Impact described across sources includes spoofing of UI, with broader advisories noting associate...

7.1CVSS6.4AI score0.0162EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.100 views

CVE-2023-36789

CVE-2023-36789 is a remote code execution vulnerability in Microsoft Skype for Business Server. Reported as an affected component, the flaw allows network-based exploitation without user interaction and requires high privileges, with impacts on confidentiality, integrity, and availability (CVSS 3...

7.2CVSS7.3AI score0.02428EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.90 views

CVE-2023-36786

CVE-2023-36786 is a Microsoft Skype for Business Server remote code execution vulnerability. Connected docs confirm a remote-code-execution flaw affecting Skype for Business Server across versions (e.g., 2015 CU13 and 2019 CU7) and point to Microsoft updates (KB3061064, KB4470124) as remediation....

7.2CVSS7.3AI score0.02458EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.81 views

CVE-2015-2531

CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...

4.3CVSS5AI score0.10889EPSS
CVE
CVE
added 2015/09/09 12:0 a.m.81 views

CVE-2015-2536

The CVE-2015-2536 issue is an XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015. The root cause is improper sanitization of input (notably via crafted URLs in the web context), enabling remote attackers to execute arbitrary script or HTML in a logged-in user’s bro...

4.3CVSS5.2AI score0.08863EPSS