CVE-2019-0798

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.9%

top 25.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Lync Server 2013 Microsoft Skype FOR Business Server 2015 Microsoft Lync Server +1 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5microsoft/skype_for_business_server_2015March 2019 Update

▶NVDmicrosoft/lync_server2013

▶CVEListV5microsoft/microsoft_lync_server_2013July 2018 Update

▶NVDmicrosoft/skype2015

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-43cx-jhp3-2qcr: A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for↗2022-05-13

▶

CVEList

CVE-2019-0798: A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for↗2019-04-09

▶

📋Vendor Advisories

Microsoft

Skype for Business and Lync Spoofing Vulnerability↗2019-03-12

▶