KLA20227
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 29/09/2023
Дата обнаружения
14/02/2023
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  2. A remote code execution vulnerability in Microsoft Dynamics Unified Service Desk can be exploited remotely to execute arbitrary code.
Пораженные продукты

Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 Unified Service Desk

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2023-21807
CVE-2023-21570
CVE-2023-21573
CVE-2023-21572
CVE-2023-21571
CVE-2023-21778
Оказываемое влияние
?
ACE 
[?]

XSS/CSS 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
CVE-IDS
CVE-2023-218075.0Warning
CVE-2023-215705.0Warning
CVE-2023-215735.0Warning
CVE-2023-215725.0Warning
CVE-2023-215715.0Warning
CVE-2023-217785.0Warning
KB list

5023506
5023505