cvelistv5 - cve-2019-1490

CVE-2019-1490 (GCVE-0-2019-1490)

Vulnerability from cvelistv5 – Published: 2019-12-10 21:41 – Updated: 2024-08-04 18:20

Summary

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

Severity ?

No CVSS data available.

CWE

Spoofing

Assigner

microsoft

References

URL

Tags

https://portal.msrc.microsoft.com/en-US/security-…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Microsoft	Skype for Business Server 2019 CU2	Affected: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.160Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Skype for Business Server 2019  CU2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Spoofing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-10T21:41:08",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Skype for Business Server 2019  CU2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Spoofing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1490",
    "datePublished": "2019-12-10T21:41:08",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:20:28.160Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*\", \"matchCriteriaId\": \"38ABD417-45D5-4212-BC19-929B71E6D1D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027.\"}, {\"lang\": \"es\", \"value\": \"Hay una vulnerabilidad de suplantaci\\u00f3n de identidad cuando un Servidor de Skype for Business no sanea apropiadamente una petici\\u00f3n especialmente dise\\u00f1ada, tambi\\u00e9n se conoce como \\\"Skype for Business Server Spoofing Vulnerability\\\".\"}]",
      "id": "CVE-2019-1490",
      "lastModified": "2024-11-21T04:36:47.233",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-12-10T22:15:18.417",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-74\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1490\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-12-10T22:15:18.417\",\"lastModified\":\"2024-11-21T04:36:47.233\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Hay una vulnerabilidad de suplantaci\u00f3n de identidad cuando un Servidor de Skype for Business no sanea apropiadamente una petici\u00f3n especialmente dise\u00f1ada, tambi\u00e9n se conoce como \\\"Skype for Business Server Spoofing Vulnerability\\\".\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"38ABD417-45D5-4212-BC19-929B71E6D1D2\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2019-1490

Vulnerability from fkie_nvd - Published: 2019-12-10 22:15 - Updated: 2024-11-21 04:36

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	microsoft	skype_for_business	2019

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*",
              "matchCriteriaId": "38ABD417-45D5-4212-BC19-929B71E6D1D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de suplantaci\u00f3n de identidad cuando un Servidor de Skype for Business no sanea apropiadamente una petici\u00f3n especialmente dise\u00f1ada, tambi\u00e9n se conoce como \"Skype for Business Server Spoofing Vulnerability\"."
    }
  ],
  "id": "CVE-2019-1490",
  "lastModified": "2024-11-21T04:36:47.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-10T22:15:18.417",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-627

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Skype pour Business Server 2019 CU2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.0
Microsoft	N/A	SQL Server 2017 Reporting Services
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Power BI Report Server
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	SQL Server 2019 Reporting Services
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visual Studio 2017 version 16.0
Microsoft	N/A	Microsoft Visual Studio Live Share extension
Microsoft	N/A	Microsoft Authentication Library (MSAL) pour Android

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Skype pour Business Server 2019 CU2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2017 Reporting Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Power BI Report Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2019 Reporting Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio Live Share extension",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Authentication Library (MSAL) pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
    },
    {
      "name": "CVE-2019-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
    },
    {
      "name": "CVE-2019-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
    },
    {
      "name": "CVE-2019-1332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1332"
    },
    {
      "name": "CVE-2019-1487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1487"
    },
    {
      "name": "CVE-2019-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1351"
    },
    {
      "name": "CVE-2019-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1486"
    },
    {
      "name": "CVE-2019-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
    },
    {
      "name": "CVE-2019-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
    },
    {
      "name": "CVE-2019-1490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1490"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-627",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune ex\u00e9cution de code \u00e0 distance et une usurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 d\u00e9cembre 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-627

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Skype pour Business Server 2019 CU2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.0
Microsoft	N/A	SQL Server 2017 Reporting Services
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Power BI Report Server
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	SQL Server 2019 Reporting Services
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft	N/A	Microsoft Visual Studio 2017 version 16.0
Microsoft	N/A	Microsoft Visual Studio Live Share extension
Microsoft	N/A	Microsoft Authentication Library (MSAL) pour Android

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 10 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Skype pour Business Server 2019 CU2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2017 Reporting Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Power BI Report Server",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "SQL Server 2019 Reporting Services",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio Live Share extension",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Authentication Library (MSAL) pour Android",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
    },
    {
      "name": "CVE-2019-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
    },
    {
      "name": "CVE-2019-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
    },
    {
      "name": "CVE-2019-1332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1332"
    },
    {
      "name": "CVE-2019-1487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1487"
    },
    {
      "name": "CVE-2019-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1351"
    },
    {
      "name": "CVE-2019-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1486"
    },
    {
      "name": "CVE-2019-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
    },
    {
      "name": "CVE-2019-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
    },
    {
      "name": "CVE-2019-1490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1490"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-627",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune ex\u00e9cution de code \u00e0 distance et une usurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 10 d\u00e9cembre 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

GHSA-7HJV-846H-7WVC

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-05-24 17:03

Details

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-1490"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-10T22:15:00Z",
    "severity": "LOW"
  },
  "details": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027.",
  "id": "GHSA-7hjv-846h-7wvc",
  "modified": "2022-05-24T17:03:09Z",
  "published": "2022-05-24T17:03:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1490"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2019-1490

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business Server Spoofing Vulnerability'.

Aliases

CVE-2019-1490

Aliases

CVE-2019-1490

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-1490",
    "description": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027.",
    "id": "GSD-2019-1490"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-1490"
      ],
      "details": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027.",
      "id": "GSD-2019-1490",
      "modified": "2023-12-13T01:23:51.295506Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-1490",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Skype for Business Server 2019  CU2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Spoofing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:skype_for_business:2019:cumulative_update_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1490"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A spoofing vulnerability exists when a Skype for Business Server does not properly sanitize a specially crafted request, aka \u0027Skype for Business Server Spoofing Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-74"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1490"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-12-10T22:15Z"
    }
  }
}

CNVD-2019-45910

Vulnerability from cnvd - Published: 2019-12-18

Title

Microsoft Skype for Business Server欺骗漏洞

Description

Microsoft Lync Server（前称Microsoft Office Communicator）是美国微软（Microsoft）公司的一套企业整合沟通平台。该平台能够跨越PC、Web、手机等其他移动设备，将不同的沟通方式集成到一个平台中。Microsoft Skype for Business Server是Microsoft Lync Server的新一代产品。 Microsoft Skype for Business Server 2019 CU2中存在欺骗漏洞，该漏洞源于程序未能正确清理特制的请求，攻击者可通过发送特制的请求利用该漏洞实施跨站脚本攻击，在当前用户的安全上下文中运行脚本。

Severity

低

Patch Name

Microsoft Skype for Business Server欺骗漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1490

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-1490

Impacted products

Name
Microsoft Skype for Business Server 2019 CU2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1490"
    }
  },
  "description": "Microsoft Lync Server\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002Microsoft Skype for Business Server\u662fMicrosoft Lync Server\u7684\u65b0\u4e00\u4ee3\u4ea7\u54c1\u3002\n\nMicrosoft Skype for Business Server 2019 CU2\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u6e05\u7406\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u811a\u672c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1490",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-45910",
  "openTime": "2019-12-18",
  "patchDescription": "Microsoft Lync Server\uff08\u524d\u79f0Microsoft Office Communicator\uff09\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f01\u4e1a\u6574\u5408\u6c9f\u901a\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u80fd\u591f\u8de8\u8d8aPC\u3001Web\u3001\u624b\u673a\u7b49\u5176\u4ed6\u79fb\u52a8\u8bbe\u5907\uff0c\u5c06\u4e0d\u540c\u7684\u6c9f\u901a\u65b9\u5f0f\u96c6\u6210\u5230\u4e00\u4e2a\u5e73\u53f0\u4e2d\u3002Microsoft Skype for Business Server\u662fMicrosoft Lync Server\u7684\u65b0\u4e00\u4ee3\u4ea7\u54c1\u3002\r\n\r\nMicrosoft Skype for Business Server 2019 CU2\u4e2d\u5b58\u5728\u6b3a\u9a97\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u6e05\u7406\u7279\u5236\u7684\u8bf7\u6c42\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff0c\u5728\u5f53\u524d\u7528\u6237\u7684\u5b89\u5168\u4e0a\u4e0b\u6587\u4e2d\u8fd0\u884c\u811a\u672c\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Skype for Business Server\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Skype for Business Server 2019 CU2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-1490",
  "serverity": "\u4f4e",
  "submitTime": "2019-12-11",
  "title": "Microsoft Skype for Business Server\u6b3a\u9a97\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-1490 (GCVE-0-2019-1490)

FKIE_CVE-2019-1490

CERTFR-2019-AVI-627

Solution

CERTFR-2019-AVI-627

Solution

GHSA-7HJV-846H-7WVC

GSD-2019-1490

CNVD-2019-45910

Tags

Sightings

Nomenclature