Multiple vulnerabilities in Microsoft Dynamics

Description

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
2. An elevation of privilege vulnerability in Microsoft Dynamics 365 Business Central can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Microsoft Power Automate Desktop can be exploited remotely to execute arbitrary code.

Fiches de renseignement originales

• CVE-2024-43476

• CVE-2024-38225
• CVE-2024-43479

Produits associés

• Microsoft-Dynamics-365

Liste CVE

• CVE-2024-43476
  critical
• CVE-2024-38225
  critical
• CVE-2024-43479
  critical

Liste KB

• 5042530
• 5042528
• 5042529
• 5043254

En savoir plus

Découvrez les statistiques de la propagation des vulnérabilités dans votre région statistics.securelist.com