Searching
..

Click anywhere to stop

KLA12420
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 22/01/2024
Дата обнаружения
11/01/2022
Уровень угрозы
Warning
Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, perform cross-site scripting attack.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. Cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Engagement can be exploited remotely to perform cross-site scripting attack.
Пораженные продукты

Microsoft Dynamics 365 Customer Engagement V9.0
Dynamics 365 Sales

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-21891
CVE-2022-21932
Оказываемое влияние
?
XSS/CSS 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
CVE-IDS
CVE-2022-218914.3Warning
CVE-2022-219323.5Warning
KB list

5010574