Multiple vulnerabilities in Microsoft Dynamics

Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
2. An elevation of privilege vulnerability in Microsoft Dynamics 365 Business Central can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Microsoft Power Automate Desktop can be exploited remotely to execute arbitrary code.

Original advisories

• CVE-2024-43476

• CVE-2024-38225
• CVE-2024-43479

Related products

• Microsoft-Dynamics-365

CVE list

• CVE-2024-43476
  critical
• CVE-2024-38225
  critical
• CVE-2024-43479
  critical

KB list

• 5042530
• 5042528
• 5042529
• 5043254

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com