Search criteria
10 vulnerabilities found for Microsoft Lync Server 2013 by Microsoft
CVE-2021-24099 (GCVE-0-2021-24099)
Vulnerability from cvelistv5 – Published: 2021-02-25 23:01 – Updated: 2024-08-03 19:21
VLAI?
Summary
Skype for Business and Lync Denial of Service Vulnerability
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2019 CU2 |
Affected:
7.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business and Lync Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:42.042Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099"
}
],
"title": "Skype for Business and Lync Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-24099",
"datePublished": "2021-02-25T23:01:51",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24073 (GCVE-0-2021-24073)
Vulnerability from cvelistv5 – Published: 2021-02-25 23:01 – Updated: 2024-08-03 19:21
VLAI?
Summary
Skype for Business and Lync Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2015 CU 8 |
Affected:
2015 CU 8 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business and Lync Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:32.850Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073"
}
],
"title": "Skype for Business and Lync Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-24073",
"datePublished": "2021-02-25T23:01:37",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1025 (GCVE-0-2020-1025)
Vulnerability from cvelistv5 – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
VLAI?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Severity ?
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2019 CU2 |
Affected:
7.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:* |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:24:59.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T20:54:51.253Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
}
],
"title": "Microsoft Office Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1025",
"datePublished": "2020-07-14T22:53:56",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:24:59.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1029 (GCVE-0-2019-1029)
Vulnerability from cvelistv5 – Published: 2019-06-12 13:49 – Updated: 2025-05-20 17:49
VLAI?
Summary
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.
To exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time.
The update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Lync Server 2010 |
Affected:
0 , < publication
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2010",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:lync_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker\u0027s user rights.\nTo exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time.\nThe update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:49:45.878Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Skype for Business and Lync Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1029"
}
],
"title": "Skype for Business and Lync Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1029",
"datePublished": "2019-06-12T13:49:40",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2025-05-20T17:49:45.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0798 (GCVE-0-2019-0798)
Vulnerability from cvelistv5 – Published: 2019-04-09 02:33 – Updated: 2024-08-04 17:58
VLAI?
Summary
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2015 |
Affected:
March 2019 Update
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Skype for Business Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "March 2019 Update"
}
]
},
{
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "July 2018 Update"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T02:33:50",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Skype for Business Server 2015",
"version": {
"version_data": [
{
"version_value": "March 2019 Update"
}
]
}
},
{
"product_name": "Microsoft Lync Server 2013",
"version": {
"version_data": [
{
"version_value": "July 2018 Update"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0798",
"datePublished": "2019-04-09T02:33:50",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24099 (GCVE-0-2021-24099)
Vulnerability from nvd – Published: 2021-02-25 23:01 – Updated: 2024-08-03 19:21
VLAI?
Summary
Skype for Business and Lync Denial of Service Vulnerability
Severity ?
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2019 CU2 |
Affected:
7.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:* |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:18.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business and Lync Denial of Service Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:42.042Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099"
}
],
"title": "Skype for Business and Lync Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-24099",
"datePublished": "2021-02-25T23:01:51",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:18.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24073 (GCVE-0-2021-24073)
Vulnerability from nvd – Published: 2021-02-25 23:01 – Updated: 2024-08-03 19:21
VLAI?
Summary
Skype for Business and Lync Spoofing Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2015 CU 8 |
Affected:
2015 CU 8 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Skype for Business and Lync Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T22:33:32.850Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073"
}
],
"title": "Skype for Business and Lync Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-24073",
"datePublished": "2021-02-25T23:01:37",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-1025 (GCVE-0-2020-1025)
Vulnerability from nvd – Published: 2020-07-14 22:53 – Updated: 2024-08-04 06:24
VLAI?
Summary
An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.
To exploit this vulnerability, an attacker would need to modify the token.
The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.
Severity ?
No CVSS data available.
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2019 CU2 |
Affected:
7.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:* |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T06:24:59.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2019:cu2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2019 CU2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:skype_for_business_server:2015:cu8:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Skype for Business Server 2015 CU 8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "2015 CU 8",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:lync_server:2013:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Enterprise Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sharepoint_foundation:2013:sp1:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SharePoint Foundation 2013 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.\nTo exploit this vulnerability, an attacker would need to modify the token.\nThe update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T20:54:51.253Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1025"
}
],
"title": "Microsoft Office Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2020-1025",
"datePublished": "2020-07-14T22:53:56",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-04T06:24:59.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-1029 (GCVE-0-2019-1029)
Vulnerability from nvd – Published: 2019-06-12 13:49 – Updated: 2025-05-20 17:49
VLAI?
Summary
A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.
To exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time.
The update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Lync Server 2010 |
Affected:
0 , < publication
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:06:31.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1029"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2010",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:lync_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:lync_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "publication",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2019-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "A denial of service vulnerability exists in Skype for Business. An attacker who successfully exploited the vulnerability could cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker\u0027s user rights.\nTo exploit the vulnerability, an attacker needs to obtain a dial-in link for a vulnerable server and then initiates a series of calls within a short amount of time.\nThe update addresses the vulnerability by correcting the way that Skype for Business server handles objects in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T17:49:45.878Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Skype for Business and Lync Server Denial of Service Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1029"
}
],
"title": "Skype for Business and Lync Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-1029",
"datePublished": "2019-06-12T13:49:40",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2025-05-20T17:49:45.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-0798 (GCVE-0-2019-0798)
Vulnerability from nvd – Published: 2019-04-09 02:33 – Updated: 2024-08-04 17:58
VLAI?
Summary
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
Severity ?
No CVSS data available.
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Skype for Business Server 2015 |
Affected:
March 2019 Update
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Skype for Business Server 2015",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "March 2019 Update"
}
]
},
{
"product": "Microsoft Lync Server 2013",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "July 2018 Update"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-09T02:33:50",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Skype for Business Server 2015",
"version": {
"version_data": [
{
"version_value": "March 2019 Update"
}
]
}
},
{
"product_name": "Microsoft Lync Server 2013",
"version": {
"version_data": [
{
"version_value": "July 2018 Update"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business and Lync Spoofing Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0798"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0798",
"datePublished": "2019-04-09T02:33:50",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}