This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 2013-05-14
Product Lync Server Last view 2021-02-25
Version 2013 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:microsoft:lync_server

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2021-02-25 CVE-2021-24099

Skype for Business and Lync Denial of Service Vulnerability

7.1 2021-02-25 CVE-2021-24073

Skype for Business and Lync Spoofing Vulnerability

5.9 2019-06-12 CVE-2019-1029

A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.

6.1 2019-04-08 CVE-2019-0798

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

4.3 2015-09-08 CVE-2015-2536

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."

4.3 2015-09-08 CVE-2015-2532

Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."

4.3 2015-09-08 CVE-2015-2531

Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."

5 2014-09-09 CVE-2014-4071

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."

4.3 2014-09-09 CVE-2014-4070

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

5 2014-09-09 CVE-2014-4068

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

4.3 2014-06-11 CVE-2014-1823

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

9.3 2013-05-14 CVE-2013-1302

Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

CWE : Common Weakness Enumeration

%idName
75% (6) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-B-0113 Multiple Vulnerabilities in Skype for Business and Microsoft Lync Server (MS1...
Severity: Category I - VMSKEY: V0061375
2014-B-0123 Multiple Vulnerabilities in Microsoft Lync Server
Severity: Category I - VMSKEY: V0054231
2014-B-0072 Microsoft Lync Server Information Disclosure Vulnerability
Severity: Category II - VMSKEY: V0052497
2013-B-0051 Microsoft Lync Remote Code Execution Vulnerability
Severity: Category II - VMSKEY: V0037938

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38011 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38010 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38009 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38008 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38007 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38006 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38005 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38004 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38003 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38002 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 38001 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 38000 - Type : BROWSER-PLUGINS - Revision : 2
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 37999 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 37998 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 37997 - Type : BROWSER-PLUGINS - Revision : 2
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 37996 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05 IE MsRdpClient ActiveX attempt
RuleID : 37995 - Type : BROWSER-PLUGINS - Revision : 1
2014-11-16 Microsoft Lync Server meeting URL XSS attempt
RuleID : 31217 - Type : OS-WINDOWS - Revision : 4
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26365 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26364 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26363 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26362 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26361 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26360 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10 Microsoft Windows RDP ActiveX component mstscax use after free attempt
RuleID : 26359 - Type : BROWSER-PLUGINS - Revision : 11

Nessus® Vulnerability Scanner

id Description
2015-09-09 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms15-104.nasl - Type: ACT_GATHER_INFO
2014-09-10 Name: The remote host is affected by multiple vulnerabilities.
File: smb_nt_ms14-055.nasl - Type: ACT_GATHER_INFO
2014-06-11 Name: The remote host is affected by an information disclosure vulnerability.
File: smb_nt_ms14-032.nasl - Type: ACT_GATHER_INFO
2013-05-15 Name: The remote host is affected by a remote code execution vulnerability.
File: smb_nt_ms13-041.nasl - Type: ACT_GATHER_INFO