Multiple vulnerabilities in Microsoft Dynamics

Описание

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
2. An elevation of privilege vulnerability in Microsoft Dynamics 365 Business Central can be exploited remotely to gain privileges.
3. A remote code execution vulnerability in Microsoft Power Automate Desktop can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

• CVE-2024-43476
  CVE-2024-38225
  CVE-2024-43479
  

Связанные продукты

• Microsoft-Dynamics-365

Список CVE

• CVE-2024-43476
  critical
• CVE-2024-38225
  critical
• CVE-2024-43479
  critical

Список KB

• 5042530
• 5042528
• 5042529
• 5043254

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com