CVE-2019-1008 — Microsoft Dynamics 365 vulnerability

4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

9.2%

top 7.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Microsoft Dynamics CRM 2015 Microsoft Dynamics 365 +1 more

Timeline

PublishedMay 16

Latest updateMay 24

Description

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/dynamics_3658.2, 9.0+1

▶NVDmicrosoft/dynamics_crm_20157.0

▶CVEListV5microsoft/microsoft_dynamics_3658.2, 9.0+1

▶CVEListV5microsoft/microsoft_dynamics_crm_20157.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-8w8m-w63v-5jcc: A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'↗2022-05-24

▶

CVEList

CVE-2019-1008: A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'↗2019-05-16

▶

📋Vendor Advisories

Microsoft

Microsoft Dynamics On-Premise Security Feature Bypass↗2019-05-14

▶