CVE-2022-26910Authentication Bypass by Spoofing in Microsoft Skype FOR Business Server 2015 Cu12

CWE-290Authentication Bypass by Spoofing4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.7%
top 26.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Skype FOR Business Server 2015 Cu12Microsoft Skype FOR Business Server 2019 CU6Microsoft Skype FOR Business Server
Timeline
PublishedApr 15
Latest updateApr 16

Description

Skype for Business and Lync Spoofing Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

CVEListV5microsoft/skype_for_business_server_2019_cu62046.02046.396
CVEListV5microsoft/skype_for_business_server_2015_cu129319.09319.628
NVDmicrosoft/skype2015, 2019+1

🔴Vulnerability Details

2
GHSA
GHSA-gq3f-cc5w-p8w5: Skype for Business and Lync Spoofing Vulnerability2022-04-16
CVEList
Skype for Business and Lync Spoofing Vulnerability2022-04-15

📋Vendor Advisories

1
Microsoft
Skype for Business and Lync Spoofing Vulnerability2022-04-12
CVE-2022-26910 — Authentication Bypass by Spoofing | cvebase