CVE-2024-38182Weak Authentication in Microsoft Dynamics 365 Field Service V7 Series

CWE-1390Weak Authentication4 documents4 sources
Severity
9.8CRITICALNVD
CNA9.0
EPSS
2.0%
top 16.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft Dynamics 365 Field Service V7 SeriesMicrosoft Dynamics 365
Timeline
PublishedJul 31
Latest updateAug 1

Description

Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-5rh9-r47c-q36p: Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network2024-08-01
CVEList
Microsoft Dynamics 365 Elevation of Privilege Vulnerability2024-07-31

📋Vendor Advisories

1
Microsoft
Microsoft Dynamics 365 Elevation of Privilege Vulnerability2024-07-09
CVE-2024-38182 — Weak Authentication in Microsoft | cvebase