| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-104 | Vulnerabilities in Skype for Business Server and Lync Server Could Allow Elevation of Privilege (3089952) | Microsoft Lync | Important | 09-09-2015 |
Technical Information
Brief overview of the risk:
This security update resolves vulnerabilities in Skype for Business Server and Microsoft Lync Server. The most severe of the vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL.
Detailed Information on the risk:
A cross-site scripting (XSS) vulnerability, which could result in information disclosure, exists when the jQuery engine in Skype for Business Server or in Lync Server fails to properly sanitize specially crafted content. An attacker who successfully exploited this vulnerability could potentially execute scripts in the userÆs browser to obtain information from web sessions.
For this vulnerability to be exploited, a user must click a specially crafted URL.
Microsoft Lync Server 2013 For this vulnerability to be exploited, a user must click a specially crafted URL.
Further information on this exploit is available at : MS15-104
Skype for Business Server 2015
Affected Software
Microsoft Lync Server 2013Skype for Business Server 2015