PT-2019-2157 · Microsoft · Skype For Business Server+2

Suresh C

Publicado

2019-01-15

Atualizado

2020-08-24

CVE-2019-0624

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Skype for Business 2015 (affected versions not specified)

Description A spoofing issue exists due to improper sanitization of specially crafted requests. This could allow a remote attacker to perform a cross-site scripting attack using a specially crafted request. The issue is related to the lack of protection for the web page structure in Microsoft Lync Server and Skype for Business Server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2019-01923

CVE-2019-0624

Produtos afetados

Lync Server

Skype For Business 2015

Skype For Business Server

PT-2019-2157 · Microsoft · Skype For Business Server+2

CVE-2019-0624

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5