KLA12070
Multiple vulnerabilities in Microsoft Dynamics

Updated: 02/16/2021

Detect date ?	02/09/2021
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Dataverse can be exploited remotely to obtain sensitive information. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics Business Central can be exploited remotely to spoof user interface.
Affected products	Microsoft Dynamics NAV 2017 Microsoft Dynamics NAV 2018 Microsoft Dynamics 365 (on-premises) version 8.2 Microsoft Dynamics NAV 2016 Microsoft Dynamics 365 (on-premises) version 9.0 Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Microsoft Dynamics NAV 2015 Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2021-24101 CVE-2021-1724
Impacts ?	OSI [?] SUI [?]
Related products	Microsoft Dynamics 365
CVE-IDS ?	CVE-2021-241010.0Unknown CVE-2021-17240.0Unknown
KB list	4602915 4595463 4595460

KLA12070Multiple vulnerabilities in Microsoft Dynamics