All the vulnerabilites related to Microsoft - Microsoft Lync Server 2013
cve-2019-0798
Vulnerability from cvelistv5
Published
2019-04-09 02:33
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798 | x_refsource_CONFIRM |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:58:59.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Skype for Business Server 2015", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "March 2019 Update" } ] }, { "product": "Microsoft Lync Server 2013", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "July 2018 Update" } ] } ], "datePublic": "2019-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027." } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-09T02:33:50", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Skype for Business Server 2015", "version": { "version_data": [ { "version_value": "March 2019 Update" } ] } }, { "product_name": "Microsoft Lync Server 2013", "version": { "version_data": [ { "version_value": "July 2018 Update" } ] } } ] }, "vendor_name": "Microsoft" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798" } ] } } } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0798", "datePublished": "2019-04-09T02:33:50", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:58:59.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-1025
Vulnerability from cvelistv5
Published
2020-07-14 22:53
Modified
2024-08-04 06:24
Severity ?
EPSS score ?
Summary
Microsoft Office Elevation of Privilege Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:24:59.514Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Skype for Business Server 2019 CU2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Skype for Business Server 2015 CU 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "2015 CU 8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Lync Server 2013", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SharePoint Enterprise Server 2016", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SharePoint Server 2019", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SharePoint Foundation 2013 Service Pack 1", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "datePublic": "2020-07-14T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of Privilege", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-28T20:54:51.253Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025" } ], "title": "Microsoft Office Elevation of Privilege Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-1025", "datePublished": "2020-07-14T22:53:56", "dateReserved": "2019-11-04T00:00:00", "dateUpdated": "2024-08-04T06:24:59.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-24099
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Skype for Business and Lync Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:21:18.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Skype for Business Server 2019 CU2", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Skype for Business Server 2015 CU 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "2015 CU 8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Lync Server 2013", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2021-02-09T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Skype for Business and Lync Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T22:33:42.042Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099" } ], "title": "Skype for Business and Lync Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-24099", "datePublished": "2021-02-25T23:01:51", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:21:18.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-24073
Vulnerability from cvelistv5
Published
2021-02-25 23:01
Modified
2024-08-03 19:21
Severity ?
EPSS score ?
Summary
Skype for Business and Lync Spoofing Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073 | x_refsource_MISC |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T19:21:17.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Skype for Business Server 2015 CU 8", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "2015 CU 8", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Lync Server 2013", "vendor": "Microsoft", "versions": [ { "lessThan": "publication", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2021-02-09T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Skype for Business and Lync Spoofing Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "description": "Spoofing", "lang": "en-US", "type": "Impact" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-29T22:33:32.850Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073" } ], "title": "Skype for Business and Lync Spoofing Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-24073", "datePublished": "2021-02-25T23:01:37", "dateReserved": "2021-01-13T00:00:00", "dateUpdated": "2024-08-03T19:21:17.267Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }