KLA12070
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 16/02/2021
Дата обнаружения
09/02/2021
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Microsoft Dataverse can be exploited remotely to obtain sensitive information.
  2. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics Business Central can be exploited remotely to spoof user interface.
Пораженные продукты

Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2018
Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft Dynamics NAV 2016
Microsoft Dynamics 365 (on-premises) version 9.0
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Microsoft Dynamics NAV 2015
Microsoft Dynamics 365 Business Central 2020 Release Wave 2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-24101
CVE-2021-1724
Оказываемое влияние
?
OSI 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
CVE-IDS
CVE-2021-241010.0Unknown
CVE-2021-17240.0Unknown
KB list

4602915
4595463
4595460

Узнай статистику распространения уязвимостей в твоем регионе