Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dynamics_365
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 86 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-08-14 | CVE-2019-1229 | An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses... | Dynamics_365 | 8.8 | ||
| 2020-01-24 | CVE-2018-8654 | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | Dynamics_365 | N/A | ||
| 2020-01-14 | CVE-2020-0656 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | Dynamics_365 | N/A | ||
| 2019-10-10 | CVE-2019-1375 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | Dynamics_365 | N/A | ||
| 2019-05-16 | CVE-2019-1008 | A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. | Dynamics_365, Dynamics_crm_2015 | 5.9 | ||
| 2018-11-14 | CVE-2018-8609 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | Dynamics_365 | 8.8 | ||
| 2018-11-14 | CVE-2018-8608 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | Dynamics_365 | 5.4 | ||
| 2018-11-14 | CVE-2018-8607 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | Dynamics_365 | 5.4 | ||
| 2018-11-14 | CVE-2018-8606 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | Dynamics_365 | 5.4 | ||
| 2018-11-14 | CVE-2018-8605 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | Dynamics_365 | 5.4 |