KLA12026
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 16/12/2020

Дата обнаружения	08/12/2020
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: A cross-site-scripting (XSS) vulnerability Dynamics CRM Webclient can be exploited remotely to spoof user interface. A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely to execute arbitrary code. An information disclosure vulnerability in Microsoft Dynamics Business Central/NAV can be exploited to obtain sensitive information.
Пораженные продукты	Microsoft Dynamics 365 (on-premises) version 8.2 Dynamics 365 for Finance and Operations Microsoft Dynamics 365 (on-premises) version 9.0
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2020-17147 CVE-2020-17152 CVE-2020-17158 CVE-2020-17133
Оказываемое влияние ?	ACE [?] OSI [?] SUI [?]
Связанные продукты	Microsoft Dynamics 365
CVE-IDS	CVE-2020-171473.5Warning CVE-2020-171526.5High CVE-2020-171586.5High CVE-2020-171334.0Warning
KB list	4595462 4595459 4583556

KLA12026Multiple vulnerabilities in Microsoft Dynamics