Multiple vulnerability in Microsoft Dynamics

Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Dynamics Business Central can be exploited remotely to execute arbitrary code.
2. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof user interface.
3. Unspecified Microsoft Dynamics Business can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2020-1022

• CVE-2020-1050
• CVE-2020-1049
• CVE-2020-1018

Related products

• Microsoft-Dynamics-365

CVE list

• CVE-2020-1022
  high
• CVE-2020-1050
  warning
• CVE-2020-1049
  warning
• CVE-2020-1018
  warning

KB list

• 4538593
• 4549673
• 4557700
• 4557699
• 4549676
• 4549674
• 4549678
• 4549675
• 4549677

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com