Description
Skype for Business allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.
Remediation
Upgrade to the latest version of Skype for Business
References
Related Vulnerabilities
MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)
Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425)
Apache Tomcat Other Vulnerability (CVE-2001-0590)
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)
Oracle Database Server CVE-2014-0377 Vulnerability (CVE-2014-0377)