Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA61976
Multiple vulnerabilities in Microsoft Dynamics

Updated: 11/15/2023
Detect date
?
 11/14/2023
Severity
?
 High
Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. A spoofing vulnerability in Microsoft Dynamics 365 Sales can be exploited remotely to spoof user interface.
  3. A spoofing vulnerability in Microsoft Send Customer Voice survey from Dynamics 365 can be exploited remotely to spoof user interface.
Affected products

Send Customer Voice survey from Dynamics 365 app
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (on-premises) version 9.0
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2023-36031
CVE-2023-36030
CVE-2023-36007
CVE-2023-36410
CVE-2023-36016
Impacts
?
SUI 
[?]
Related products
 Microsoft Dynamics 365
CVE-IDS
?
CVE-2023-360317.6Critical
CVE-2023-360306.1High
CVE-2023-360077.6Critical
CVE-2023-364107.6Critical
CVE-2023-360166.2High
KB list

5032297
5032298
Find out the statistics of the vulnerabilities spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up