KLA12026
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 16/12/2020
Дата обнаружения
08/12/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Dynamics CRM Webclient can be exploited remotely to spoof user interface.
  2. A remote code execution vulnerability in Microsoft Dynamics 365 for Finance and Operations (on-premises) can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in Microsoft Dynamics Business Central/NAV can be exploited to obtain sensitive information.
Пораженные продукты

Microsoft Dynamics 365 (on-premises) version 8.2
Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-17147
CVE-2020-17152
CVE-2020-17158
CVE-2020-17133
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
CVE-IDS
KB list

4595462
4595459
4583556