KLA61356
Multiple vulnerabilities in Microsoft Dynamics

Updated: 10/11/2023
Detect date: 10/10/2023
Severity: High

Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to cause denial of service, spoof the user interface, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Microsoft Common Data Model SDK can be exploited remotely to cause denial of service.
  2. A cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof the user interface.
  3. An information disclosure vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to obtain sensitive information.

Affected products

Microsoft Common Data Model SDK for Java
Microsoft Common Data Model SDK for C#
Microsoft Common Data Model SDK for Python
Microsoft Common Data Model SDK for TypeScript
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 9.1

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2023-36566
CVE-2023-36416
CVE-2023-36433
CVE-2023-36429

Impacts

OSI
DoS
SUI

Related products

Microsoft Dynamics 365

KB list

5026501
5026500
5029396
5030608
5031500
5031499
