MSRC Microsoft Dynamics 365 Version 9.0 vulnerabilities
52 known vulnerabilities affecting msrc/microsoft_dynamics_365_version_9.0.
Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 18, MEDIUM 34
Vulnerabilities
Page 2 of 3
CVE-2023-21571 [MEDIUM] CVSS 5.4 (2023-02-14)
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that m
msrc
CVE-2023-21570 [MEDIUM] CVSS 5.4 (2023-02-14)
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An
msrc
CVE-2023-21572 [MEDIUM] CVSS 6.5 (2023-02-14)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would need to click on a specially crafted URL that could present a popup box requesting additional user input.
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for
msrc
CVE-2023-21807 [MEDIUM] CVSS 6.5 (2023-02-14)
CWE-79: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, user interaction is
msrc
CVE-2022-23259 [HIGH] CVSS 8.8 (2022-04-12)
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics CRM database.
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsof
msrc
CVE-2022-21957 [HIGH] CVSS 7.2 (2022-02-08)
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
FAQ: Are the updates for the Microsoft Dynamics 365 (on-premises) versions listed in this vulnerability currently available?
The security updates for Microsoft Dynamics 365 (on-premises) version 9.0 and Microsoft Dynamics 365 (on-premises) version 9.1 are not immediately available. The updates will be released as soon as possible, and
msrc
CVE-2021-42316 [HIGH] CVSS 8.8 (2021-11-09)
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
FAQ: What privileges could an attacker gain with successful exploitation of this vulnerability?
An attacker can write to any file where the webserver user (nt authority\network service) has write access.
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploi
msrc
CVE-2021-41353 [MEDIUM] CVSS 5.4 (2021-10-12)
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.aspx?id=103377
Reference: https://www.microsoft.com/en-us
msrc
CVE-2021-41354 [MEDIUM] CVSS 5.4 (2021-10-12)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.aspx?id=103377
Reference: https:/
msrc
CVE-2021-34524 [HIGH] CVSS 8.1 (2021-08-10)
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
FAQ: Is the update for Microsoft Dynamics 365 (on-premises) version 9.1 currently available?
The security update for Microsoft Dynamics 365 (on-premises) version 9.1 is not immediately available. The update will be released as soon as possible, and when it is available, customers will be notified via a revision to this CVE inform
msrc
CVE-2021-36950 [MEDIUM] CVSS 5.4 (2021-08-10)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.aspx?id=103313
msrc
CVE-2021-24101 [MEDIUM] CVSS 6.5 (2021-02-09)
Microsoft Dataverse Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information.
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Impact: Information Disclosure
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest
msrc
CVE-2020-17147 [HIGH] CVSS 8.7 (2020-12-08)
Dynamics CRM Webclient Cross-site Scripting Vulnerability
FAQ: What privileges are required to exploit this vulnerability?
To exploit this vulnerability, an attacker would be required to have a System Customizer OR Administrator role.
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Relea
msrc
CVE-2020-17005 [MEDIUM] CVSS 5.4 (2020-11-10)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.aspx?id=102300
msrc
CVE-2020-17021 [MEDIUM] CVSS 5.4 (2020-11-10)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.asp
msrc
CVE-2020-17018 [MEDIUM] CVSS 5.4 (2020-11-10)
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
Microsoft Dynamics: Microsoft Dynamics
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://www.microsoft.com/en-us/download/details.asp
msrc
CVE-2020-16956 [MEDIUM] CVSS 5.4 (2020-10-13)
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker w
msrc
CVE-2020-16978 [MEDIUM] CVSS 5.4 (2020-10-13)
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker w
msrc
CVE-2020-16872 [HIGH] CVSS 7.6 (2020-09-08)
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
Description: A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.
The attacker who
msrc
CVE-2020-16862 [HIGH] CVSS 7.1 (2020-09-08)
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account.
An authenticated at
msrc