KLA61976
Multiple vulnerabilities in Microsoft Dynamics

Updated: 11/15/2023
Detect date
?
11/14/2023
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. A spoofing vulnerability in Microsoft Dynamics 365 Sales can be exploited remotely to spoof user interface.
  3. A spoofing vulnerability in Microsoft Send Customer Voice survey from Dynamics 365 can be exploited remotely to spoof user interface.
Affected products

Send Customer Voice survey from Dynamics 365 app
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (on-premises) version 9.0

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2023-36031
CVE-2023-36030
CVE-2023-36007
CVE-2023-36410
CVE-2023-36016

Impacts
?
SUI 
[?]
Related products
Microsoft Dynamics 365
CVE-IDS
?
CVE-2023-360317.6Critical
CVE-2023-360306.1High
CVE-2023-360077.6Critical
CVE-2023-364107.6Critical
CVE-2023-360166.2High
KB list

5032297
5032298

Find out the statistics of the vulnerabilities spreading in your region