Spoofing Vulnerability in Skype for Business and Lync Servers by Microsoft
CVE-2019-0798

6.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Skype For Business Server 2015; Microsoft Lync Server 2013
Vendor: CVE Published:; 9 April 2019

Summary

A security flaw exists within Skype for Business and Lync Server that allows an attacker to exploit improper request sanitization. This vulnerability can lead to spoofing attacks, enabling unauthorized access and potential manipulation of communication sessions.

Affected Version(s)

Microsoft Lync Server 2013 July 2018 Update

Skype for Business Server 2015 March 2019 Update

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Nov 26, 2018