Arbitrary File Read on Skype For Business Server
| VCSA ID | VCSA-97 |
| CVSS SCORE | 6.5 |
| AFFECTED VENDORS | Microsoft |
| AFFECTED PRODUCTS | Skype For Business Server |
| AFFECTED VERSIONS | Before Microsoft Lync Server 2013 CU10 |
| DESCRIPTION | Post-Auth Arbitrary File Read on Skype For Business Server |
| SOLUTION | Update to latest version |
| CREDIT | rskvp93 (Phạm Văn Khánh) |
| REPORT TIME | 2021-12-21 |
| PUBLISHED TIME | 2022-03-21 |
| DISCLOSURE TIMELINE | • 21/12/2021 – Reported the vulnerability to the vendor • 10/01/2022 – The vendor accepted the report and developing the patch • 12/04/2022 – The vendor published the patch |
| REFERENCES | • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26911 |