14 matches found
CVE-2023-41763
CVE-2023-41763 refers to an elevation of privilege vulnerability in Microsoft Skype for Business Server. The HackerOne report notes the Skype for Business installation on a remote host was missing security updates and that the flaw was actively exploited, enabling attackers to access some sensiti...
CVE-2022-26911
Concrete details for CVE-2022-26911 show an information disclosure vulnerability in Microsoft Skype for Business-related servers. Affected products include Skype for Business Server 2019 (CU6), Skype for Business Server 2015 (CU12), and Microsoft Lync Server 2013 (CU10). The root cause is describ...
CVE-2024-20695
Technical details, affected versions, exploit methods, and remediation specifics for CVE-2024-20695 are not provided in the connected documents. Monitor vendor advisories and new public disclosures for updates.
CVE-2022-26910
CVE-2022-26910 is a spoofing vulnerability in Microsoft Skype for Business Server and Microsoft Lync (Lync) that can allow an attacker to spoof the user interface. The connected sources identify the affected products as Skype for Business Server 2019 (CU6) and Skype for Business Server 2015 (CU12...
CVE-2021-26422
CVE-2021-26422 is a Remote Code Execution vulnerability affecting Microsoft Skype for Business Server and Lync Server. The Nessus plugin confirms exploitability and Microsoft MSRC update guidance ties the CVE-2021-26422 to the May 2021 security update KB5003729, addressing vulnerabilities in Skyp...
CVE-2021-24099
CVE-2021-24099 affects Skype for Business Server and Lync Server. The issue is described as insufficient input validation in the Skype for Business Server/Lync Server stack, enabling a remote attacker to cause a denial of service (availability impact HIGH). Microsoft released security updates (KB...
CVE-2023-36780
Technical details about CVE-2023-36780 are not provided in the connected documents or initial description. Public information is limited; monitor for updates from official advisories to determine affected products, impact, and remediation.
CVE-2021-26421
CVE-2021-26421 affects Microsoft Skype for Business Server and Lync Server components (e.g., Skype for Business Server 2015 CU11, Lync Server 2013 CU10, etc.). The vulnerability is described as a spoofing of the user interface in Skype for Business and Lync, allowing an attacker to mimic another ...
CVE-2019-0798
CVE-2019-0798 is a spoofing vulnerability in Skype for Business Server and Lync Server where an attacker could exploit a specially crafted request URL to cause cross-site scripting or UI spoofing. The issue is tied to improper sanitization of crafted inputs in affected servers, enabling an authen...
CVE-2021-24073
CVE-2021-24073 affects Skype for Business Server / Lync (Microsoft Lync Server). Public docs describe a spoofing vulnerability where the user interface can be manipulated to impersonate another user. Impact described across sources includes spoofing of UI, with broader advisories noting associate...
CVE-2023-36789
CVE-2023-36789 is a remote code execution vulnerability in Microsoft Skype for Business Server. Reported as an affected component, the flaw allows network-based exploitation without user interaction and requires high privileges, with impacts on confidentiality, integrity, and availability (CVSS 3...
CVE-2023-36786
CVE-2023-36786 is a Microsoft Skype for Business Server remote code execution vulnerability. Connected docs confirm a remote-code-execution flaw affecting Skype for Business Server across versions (e.g., 2015 CU13 and 2019 CU7) and point to Microsoft updates (KB3061064, KB4470124) as remediation....
CVE-2015-2531
CVE-2015-2531 is an XSS vulnerability in the jQuery engine used by Microsoft Lync Server 2013 and Skype for Business Server 2015. The issue allows an unauthenticated, remote attacker to inject arbitrary web script or HTML via a crafted URL, potentially exposing session information and enabling sc...
CVE-2015-2536
The CVE-2015-2536 issue is an XSS vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015. The root cause is improper sanitization of input (notably via crafted URLs in the web context), enabling remote attackers to execute arbitrary script or HTML in a logged-in user’s bro...