CVE-2019-1229 — Microsoft Dynamics 365 Version 9.0 vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

9.4%

top 7.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Dynamics 365 Version 9.0 Microsoft Dynamics 365

Timeline

PublishedAug 14

Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5microsoft/microsoft_dynamics_365_version_9.09.0.0 — publication

▶NVDmicrosoft/dynamics_3659.0

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-g2cr-4r55-7gww: An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'↗2022-05-24

▶

CVEList

Dynamics On-Premise Elevation of Privilege Vulnerability↗2019-08-14

▶

📋Vendor Advisories

Microsoft

Dynamics On-Premise Elevation of Privilege Vulnerability↗2019-08-13

▶