{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-28T17:19:27.483","vulnerabilities":[{"cve":{"id":"CVE-2018-8238","sourceIdentifier":"secure@microsoft.com","published":"2018-07-11T00:29:00.647","lastModified":"2024-11-21T04:13:28.957","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka \"Skype for Business and Lync Security Feature Bypass Vulnerability.\" This affects Skype, Microsoft Lync."},{"lang":"es","value":"Existe una vulnerabilidad de omisión de la característica de seguridad cuando Skype for Business o Lync no analizan correctamente los enlaces de ruta UNC compartidos mediante mensajes. Esto también se conoce como \"Skype for Business and Lync Security Feature Bypass Vulnerability\". Esto afecta a Skype y Microsoft Lync."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:lync:2013:sp1:*:*:*:*:*:*","matchCriteriaId":"8B854E18-7CB0-43F7-9EBF-E356FA176B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:skype_for_business:2016:*:*:*:*:*:*:*","matchCriteriaId":"D499807D-91F3-447D-B9F0-D612898C9339"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/104619","source":"secure@microsoft.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/104619","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8238","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}