KLA11953
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 10/09/2020
Дата обнаружения
08/09/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (On-Premise) can be exploited remotely via specially crafted web to spoof user interface.
  2. A remote code execution vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely via specially crafted request to execute arbitrary code.
  3. A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely via specially crafted file to execute arbitrary code.
Пораженные продукты

Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-16872
CVE-2020-16860
CVE-2020-16862
CVE-2020-16864
CVE-2020-16878
CVE-2020-16861
CVE-2020-16871
CVE-2020-16858
CVE-2020-16859
CVE-2020-16857
Оказываемое влияние
?
ACE 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
CVE-IDS
KB list

4577501
4574742

Узнай статистику распространения уязвимостей в твоем регионе