KLA12070
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 16/02/2021

Дата обнаружения	09/02/2021
Уровень угрозы	High
Описание	Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: An information disclosure vulnerability in Microsoft Dataverse can be exploited remotely to obtain sensitive information. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics Business Central can be exploited remotely to spoof user interface.
Пораженные продукты	Microsoft Dynamics NAV 2017 Microsoft Dynamics NAV 2018 Microsoft Dynamics 365 (on-premises) version 8.2 Microsoft Dynamics NAV 2016 Microsoft Dynamics 365 (on-premises) version 9.0 Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Microsoft Dynamics NAV 2015 Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2021-24101 CVE-2021-1724
Оказываемое влияние ?	OSI [?] SUI [?]
Связанные продукты	Microsoft Dynamics 365
CVE-IDS	CVE-2021-241014.0Warning CVE-2021-17242.3Warning
KB list	4602915 4595463 4595460

KLA12070Multiple vulnerabilities in Microsoft Dynamics