KLA12420
Multiple vulnerabilities in Microsoft Dynamics

Updated: 01/12/2022
Detect date
?
01/11/2022
Severity
?
Warning
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. Cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Engagement can be exploited remotely to perform cross-site scripting attack.
Affected products

Microsoft Dynamics 365 Customer Engagement V9.0
Dynamics 365 Sales

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-21891
CVE-2022-21932

Impacts
?
XSS/CSS 
[?]

SUI 
[?]
Related products
Microsoft Dynamics 365
CVE-IDS
?
CVE-2022-218915.0Critical
CVE-2022-219325.0Critical
KB list

5010574

Find out the statistics of the vulnerabilities spreading in your region