KLA11972
Multiple vulnerabilities in Microsoft Dynamics

Updated: 10/19/2020
Detect date: 10/13/2020
Severity: High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to gain privileges or spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Dynamics 365 Commerce can be exploited remotely via a specially crafted request to gain privileges.
  2. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof the user interface.
Affected products

Dynamics 365 Commerce
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-16943
CVE-2020-16978
CVE-2020-16956

Impacts

PE
SUI
Related products
Microsoft Dynamics 365
CVE-IDS

CVE-2020-16943  3.3  Warning
CVE-2020-16978  3.5  Warning
CVE-2020-16956  3.5  Warning
KB list

4578106
4578105
