KLA61356
Multiple vulnerabilities in Microsoft Dynamics

Обновлено: 11/10/2023
Дата обнаружения
10/10/2023
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in Microsoft Common Data Model SDK can be exploited remotely to cause denial of service.
  2. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
  3. An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) can be exploited remotely to obtain sensitive information.
Пораженные продукты

Microsoft Common Data Model SDK for Java
Microsoft Common Data Model SDK for C#
Microsoft Common Data Model SDK for Python
Microsoft Common Data Model SDK for TypeScript
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 9.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2023-36566
CVE-2023-36416
CVE-2023-36433
CVE-2023-36429
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]

SUI 
[?]
Связанные продукты
Microsoft Dynamics 365
KB list

5026501
5026500
5029396
5030608
5031500
5031499

Узнай статистику распространения уязвимостей в твоем регионе