KLA12070
Multiple vulnerabilities in Microsoft Dynamics

Updated: 02/16/2021
Detect date
02/09/2021
Severity
High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information or spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Dataverse can be exploited remotely to obtain sensitive information.
  2. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics Business Central can be exploited remotely to spoof the user interface.
Affected products

Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics NAV 2016
Microsoft Dynamics 365 (on-premises) version 9.0
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Microsoft Dynamics NAV 2015
Microsoft Dynamics 365 Business Central 2020 Release Wave 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2021-24101
CVE-2021-1724

Impacts
OSI
SUI
Related products
Microsoft Dynamics 365
CVE-IDS
CVE-2021-24101  4.0  Warning
CVE-2021-1724  2.3  Warning
KB list

4602915
4595463
4595460

Microsoft official advisories
Microsoft Security Update Guide