KLA12026
Multiple vulnerabilities in Microsoft Dynamics

Updated: 12/16/2020
Detect date
?
12/08/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Dynamics CRM Webclient can be exploited remotely to spoof user interface.
  2. A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in Microsoft Dynamics Business Central/NAV can be exploited to obtain sensitive information.
Affected products

Microsoft Dynamics 365 (on-premises) version 8.2
Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-17147
CVE-2020-17152
CVE-2020-17158
CVE-2020-17133

Impacts
?
ACE 
[?]

OSI 
[?]

SUI 
[?]
Related products
Microsoft Dynamics 365
CVE-IDS
?
CVE-2020-171470.0Unknown
CVE-2020-171520.0Unknown
CVE-2020-171580.0Unknown
CVE-2020-171330.0Unknown
KB list

4595462
4595459
4583556

Find out the statistics of the vulnerabilities spreading in your region