Multiple vulnerabilities in Microsoft Dynamics

Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in Microsoft Common Data Model SDK can be exploited remotely to cause denial of service.
2. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
3. An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) can be exploited remotely to obtain sensitive information.

Original advisories

• CVE-2023-36566

• CVE-2023-36416
• CVE-2023-36433
• CVE-2023-36429

Related products

• Microsoft-Dynamics-365

CVE list

• CVE-2023-36566
  unknown
• CVE-2023-36416
  unknown
• CVE-2023-36433
  unknown
• CVE-2023-36429
  unknown

KB list

• 5026501
• 5026500
• 5029396
• 5030608
• 5031500
• 5031499

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com