Microsoft Dynamics 365 vulnerabilities
7 known vulnerabilities affecting microsoft/microsoft_dynamics_365.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2026-47647P2CRITICALCVSS 9.9v-2026-06-18
CVE-2026-47647 [CRITICAL] CWE-284 CVE-2026-47647: Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privilege
Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2018-8609P2HIGHCVSS 8.8vpremises) version 82018-11-14
CVE-2018-8609 [HIGH] CWE-116 CVE-2018-8609: A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
nvd
CVE-2026-32210P3HIGHCVSS 7.5v-2026-04-23
CVE-2026-32210 [HIGH] CWE-918 CVE-2026-32210: Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacke
Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2019-1008P4MEDIUMCVSS 5.9v8.2v9.02019-05-16
CVE-2019-1008 [MEDIUM] CVE-2019-1008: A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Pr
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.
nvd
CVE-2019-1375P4MEDIUMCVSS 5.4v9.02019-10-10
CVE-2019-1375 [MEDIUM] CWE-79 CVE-2019-1375: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
nvd
CVE-2020-1063P4MEDIUMCVSS 5.4v8.2v9.02020-05-21
CVE-2020-1063 [MEDIUM] CWE-79 CVE-2020-1063: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not prope
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
nvd
CVE-2018-8605P4MEDIUMCVSS 5.4vpremises) version 82018-11-14
CVE-2018-8605 [MEDIUM] CWE-79 CVE-2018-8605: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606,
nvd