Microsoft Skype For Business Server

Skype for Business Info Disclosure via Unauth Access
CVE-2024-20695 5.7 - Medium - February 13, 2024

Skype for Business Information Disclosure Vulnerability

LDAP Filter Injection via LDAP Contacts Provider in Microsoft Skype for Business
CVE-2023-29050 9.6 - Critical - January 08, 2024

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known.

Injection

Oct 2023: Skype for Business Elevation of Privilege Vulnerability
CVE-2023-41763 5.3 - Medium - October 10, 2023

Skype for Business Elevation of Privilege Vulnerability

SSRF

Microsoft Skype for Business RCE Vulnerability
CVE-2023-36789 7.2 - High - October 10, 2023

Skype for Business Remote Code Execution Vulnerability

Skype for Business RCE via malicious content
CVE-2023-36786 7.2 - High - October 10, 2023

Skype for Business Remote Code Execution Vulnerability

Skype for Business RCE Exploit CVE-2023-36780
CVE-2023-36780 7.2 - High - October 10, 2023

Skype for Business Remote Code Execution Vulnerability

Skype for Business Information Disclosure Vulnerability
CVE-2022-26911 6.5 - Medium - April 15, 2022

Skype for Business Information Disclosure Vulnerability

Skype for Business and Lync Spoofing Vulnerability
CVE-2022-26910 5.3 - Medium - April 15, 2022

Skype for Business and Lync Spoofing Vulnerability

Skype for Business and Lync Remote Code Execution Vulnerability
CVE-2021-26422 7.2 - High - May 11, 2021

Skype for Business and Lync Remote Code Execution Vulnerability

Skype for Business and Lync Spoofing Vulnerability
CVE-2021-26421 6.5 - Medium - May 11, 2021

Skype for Business and Lync Spoofing Vulnerability

Skype for Business and Lync Spoofing Vulnerability
CVE-2021-24073 6.5 - Medium - February 25, 2021

Skype for Business and Lync Spoofing Vulnerability

Skype for Business and Lync Denial of Service Vulnerability
CVE-2021-24099 6.5 - Medium - February 25, 2021

Skype for Business and Lync Denial of Service Vulnerability

Jul 2020: Microsoft Office Elevation of Privilege Vulnerability
CVE-2020-1025 - July 14, 2020

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access. To exploit this vulnerability, an attacker would need to modify the token. The update addresses the vulnerability by modifying how Microsoft SharePoint Server and Skype for Business Server validate tokens.

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request
CVE-2019-0798 6.1 - Medium - April 09, 2019

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

XSS