CVE-2023-41763

Warnung

EPSS 12.67%
Veröffentlicht 10.10.2023 18:15:18
Zuletzt bearbeitet 28.10.2025 14:10:39
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Skype for Business Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Skype For Business Server Version2015 Updatecumulative_update_13

Microsoft ≫ Skype For Business Server Version2019 Updatecumulative_update_7

10.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Skype for Business Privilege Escalation Vulnerability

Schwachstelle

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.67%	0.937

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-41763

Patch

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41763

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-41763

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-41763

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-41763

EUVD