Searching
..

Click anywhere to stop

KLA12452
Multiple vulnerabilities in Microsoft Dynamics

Updated: 01/25/2024
Detect date
?
02/08/2022
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Dynamics GP can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to execute arbitrary code.
  3. A spoofing vulnerability in Microsoft Dynamics GP can be exploited remotely to spoof user interface.
  4. A remote code execution vulnerability in Microsoft Dynamics GP can be exploited remotely to execute arbitrary code.
Affected products

Microsoft Dynamics GP
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-23273
CVE-2022-23272
CVE-2022-21957
CVE-2022-23271
CVE-2022-23269
CVE-2022-23274

Impacts
?
ACE 
[?]

PE 
[?]

SUI 
[?]
Related products
Microsoft Dynamics 365
CVE-IDS
?
Microsoft official advisories
Microsoft Security Update Guide
KB list

5012731
5012732

Find out the statistics of the vulnerabilities spreading in your region