KLA20227
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 29/09/2023

Дата обнаружения	14/02/2023
Уровень угрозы	High
Описание	Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface. A remote code execution vulnerability in Microsoft Dynamics Unified Service Desk can be exploited remotely to execute arbitrary code.
Пораженные продукты	Microsoft Dynamics 365 (on-premises) version 9.0 Microsoft Dynamics 365 (on-premises) version 9.1 Microsoft Dynamics 365 Unified Service Desk
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2023-21807 CVE-2023-21570 CVE-2023-21573 CVE-2023-21572 CVE-2023-21571 CVE-2023-21778
Оказываемое влияние ?	ACE [?] XSS/CSS [?] SUI [?]
Связанные продукты	Microsoft Dynamics 365
CVE-IDS	CVE-2023-218075.0Warning CVE-2023-215705.0Warning CVE-2023-215735.0Warning CVE-2023-215725.0Warning CVE-2023-215715.0Warning CVE-2023-217785.0Warning
KB list	5023506 5023505

KLA20227Multiple vulnerabilities in Microsoft Dynamics