Multiple vulnerabilities in Microsoft Dynamics

Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
2. A spoofing vulnerability in Dynamics 365 Sales can be exploited remotely to spoof user interface.
3. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 Customer Engagement can be exploited remotely to spoof user interface.
4. An information disclosure vulnerability in Microsoft Dynamics Business Central/NAV can be exploited remotely to obtain sensitive information.
5. A spoofing vulnerability in Dynamics 365 Field Service can be exploited remotely to spoof user interface.

Первичный источник обнаружения

• CVE-2024-21393
  CVE-2024-21328
  CVE-2024-21327
  CVE-2024-21389
  CVE-2024-21396
  CVE-2024-21380
  CVE-2024-21394
  CVE-2024-21395
  

Связанные продукты

• Microsoft-Dynamics-365

Список CVE

• CVE-2024-21393
  critical
• CVE-2024-21328
  critical
• CVE-2024-21327
  critical
• CVE-2024-21389
  critical
• CVE-2024-21396
  critical
• CVE-2024-21380
  critical
• CVE-2024-21394
  critical
• CVE-2024-21395
  critical

Список KB

• 5035205
• 5035207
• 5035110
• 5035206

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com