Spoofing Vulnerability in Skype for Business 2015 by Microsoft
CVE-2019-0624

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Skype
Vendor: CVE Published:; 17 January 2019

Summary

A spoofing vulnerability exists in Skype for Business 2015 due to inadequate sanitization of specially crafted requests. This flaw could allow an attacker to impersonate legitimate users or services, potentially leading to unauthorized access and manipulation of data. Users and administrators should ensure their systems are updated with the latest security patches to mitigate this risk.

Affected Version(s)

Skype Business Server 2015 CU 8

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106663

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 17, 2019
Vulnerability Reserved
Nov 26, 2018