Microsoft Lync Server 2013

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor	Microsoft	First view	2013-05-14
Product	Lync Server	Last view	2022-07-12
Version	2013	Type
Update
Edition
Language
Sofware Edition
Target Software
Target Hardware
Other

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name	Affected CVE
cpe:2.3:a:microsoft:lync_server:2013:::::::*	12
cpe:2.3:a:microsoft:lync_server:2013:cumulative_update_10::::::	4
cpe:2.3:a:microsoft:lync_server:2010:::::::*	3

Related : CVE

	Date	Alert	Description
7.2	2022-07-12	CVE-2022-33633	Skype for Business and Lync Remote Code Execution Vulnerability
6.5	2022-04-15	CVE-2022-26911	Skype for Business Information Disclosure Vulnerability
7.2	2021-05-11	CVE-2021-26422	Skype for Business and Lync Remote Code Execution Vulnerability
6.5	2021-05-11	CVE-2021-26421	Skype for Business and Lync Spoofing Vulnerability
6.5	2021-02-25	CVE-2021-24099	Skype for Business and Lync Denial of Service Vulnerability
6.5	2021-02-25	CVE-2021-24073	Skype for Business and Lync Spoofing Vulnerability
5.9	2019-06-12	CVE-2019-1029	A denial of service vulnerability exists in Skype for Business, aka 'Skype for Business and Lync Server Denial of Service Vulnerability'.
6.1	2019-04-08	CVE-2019-0798	A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.
4.3	2015-09-08	CVE-2015-2536	Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability."
4.3	2015-09-08	CVE-2015-2532	Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vulnerability."
4.3	2015-09-08	CVE-2015-2531	Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."
5	2014-09-09	CVE-2014-4071	The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."
4.3	2014-09-09	CVE-2014-4070	Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
5	2014-09-09	CVE-2014-4068	The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."
4.3	2014-06-11	CVE-2014-1823	Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."
9.3	2013-05-14	CVE-2013-1302	Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."

CWE : Common Weakness Enumeration

%	id	Name
75% (6)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
12% (1)	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1)	CWE-20	Improper Input Validation

Oval Markup Language : Definitions

OvalID	Name
oval:org.mitre.oval:def:15952	Vulnerability in Lync Could Allow Remote Code Execution - MS13-041
oval:org.mitre.oval:def:24971	Vulnerability in Microsoft Lync Server could allow information disclosure (CV...
oval:org.mitre.oval:def:26680	Lync Denial of Service vulnerability (CVE-2014-4068) - MS14-055
oval:org.mitre.oval:def:26150	Lync XSS information disclosure vulnerability (CVE-2014-4070) - MS14-055
oval:org.mitre.oval:def:26550	Lync Denial of Service vulnerability (CVE-2014-4071) - MS14-055

Information Assurance Vulnerability Management (IAVM)

id	Description
2015-B-0113	Multiple Vulnerabilities in Skype for Business and Microsoft Lync Server (MS1... Severity: Category I - VMSKEY: V0061375
2014-B-0123	Multiple Vulnerabilities in Microsoft Lync Server Severity: Category I - VMSKEY: V0054231
2014-B-0072	Microsoft Lync Server Information Disclosure Vulnerability Severity: Category II - VMSKEY: V0052497
2013-B-0051	Microsoft Lync Remote Code Execution Vulnerability Severity: Category II - VMSKEY: V0037938

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.

Date	Description
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38011 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38010 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38009 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38008 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38007 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38006 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38005 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38004 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38003 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38002 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38001 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 38000 - Type : BROWSER-PLUGINS - Revision : 2
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 37999 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 37998 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 37997 - Type : BROWSER-PLUGINS - Revision : 2
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 37996 - Type : BROWSER-PLUGINS - Revision : 1
2016-04-05	IE MsRdpClient ActiveX attempt RuleID : 37995 - Type : BROWSER-PLUGINS - Revision : 1
2014-11-16	Microsoft Lync Server meeting URL XSS attempt RuleID : 31217 - Type : OS-WINDOWS - Revision : 4
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26365 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26364 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26363 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26362 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26361 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26360 - Type : BROWSER-PLUGINS - Revision : 11
2014-01-10	Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26359 - Type : BROWSER-PLUGINS - Revision : 11

Nessus® Vulnerability Scanner

id	Description
2015-09-09	Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms15-104.nasl - Type: ACT_GATHER_INFO
2014-09-10	Name: The remote host is affected by multiple vulnerabilities. File: smb_nt_ms14-055.nasl - Type: ACT_GATHER_INFO
2014-06-11	Name: The remote host is affected by an information disclosure vulnerability. File: smb_nt_ms14-032.nasl - Type: ACT_GATHER_INFO
2013-05-15	Name: The remote host is affected by a remote code execution vulnerability. File: smb_nt_ms13-041.nasl - Type: ACT_GATHER_INFO

Mapping	Total
CVE ID(s)	16
CWE ID(s)	3
OVALid	5
IAVM(s)	4
Snort® Rule(s)	29
Nessus® Exploit(s)	4

	%	Affected CVE
Critical (9-10)	6.25%	1
High (7-8.9)	12.5%	2
Medium (4-6.9)	81.25%	13
Low (0.1-3.9)	0%	0
Pending... (0)	0%	0

Microsoft Lync Server 2013

Summary

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

Related : CVE

CWE : Common Weakness Enumeration

Oval Markup Language : Definitions

Information Assurance Vulnerability Management (IAVM)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

vDNA Monitoring

Global informations

Risk Rating (CVSS)

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU

	no vDNA Monitoring
Monitor this product now !