Spoofing Vulnerability in Skype for Business Server by Microsoft
CVE-2019-1490

5.4MEDIUM

Key Information:

Vendor: Microsoft
Status: Skype For Business Server 2019 Cu2
Vendor: CVE Published:; 10 December 2019

Summary

A spoofing vulnerability occurs in Skype for Business Server when the system fails to properly sanitize a specially crafted request. This could allow an attacker to impersonate legitimate users or services within the network, potentially leading to unauthorized access and compromised data integrity. Organizations using affected versions of Skype for Business Server are advised to apply the necessary security patches to mitigate this risk.

Affected Version(s)

Skype for Business Server 2019 CU2 = unspecified

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 10, 2019
Vulnerability Reserved
Nov 26, 2018