Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA60564
Multiple vulnerabilities in Microsoft Dynamics

Updated: 09/29/2023
Detect date
?
 09/12/2023
Severity
?
 High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. A cross-site-scripting (XSS) vulnerability Dynamics Finance and Operations can be exploited remotely to spoof user interface.
Affected products

Microsoft Dynamics 365 (on-premises) version 9.1
Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2023-36886
CVE-2023-38164
CVE-2023-36800
Impacts
?
XSS/CSS 
[?]

SUI 
[?]
Related products
 Microsoft Dynamics 365
CVE-IDS
?
CVE-2023-368865.0Warning
CVE-2023-381645.0Warning
CVE-2023-368005.0Warning
KB list

5029396
5030608
Microsoft official advisories
 Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up