The vulnerability of the Microsoft Dynamics 365 resource planning software lies in the insufficient protection of the website structure, allowing a hacker to inject arbitrary code into the web pages that users are allowed to download.

🗓️ 04 Dec 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Dynamics 365 flaw: weak site protection enables arbitrary code injection into user downloaded pages.

Reporter	Title	Published	Views	Family All 21
ATTACKERKB	CVE-2018-8605	14 Nov 201801:29	–	attackerkb
ATTACKERKB	CVE-2018-8607	14 Nov 201801:29	–	attackerkb
ATTACKERKB	CVE-2018-8606	14 Nov 201801:29	–	attackerkb
ATTACKERKB	CVE-2018-8608	14 Nov 201801:29	–	attackerkb
CNVD	Microsoft Dynamics 365 Cross-Site Scripting Vulnerability	14 Nov 201800:00	–	cnvd
CVE	CVE-2018-8608	14 Nov 201801:00	–	cve
Cvelist	CVE-2018-8608	14 Nov 201801:00	–	cvelist
EUVD	EUVD-2018-20223	7 Oct 202500:30	–	euvd
Microsoft KB	Microsoft Dynamics 365 (online and on-premises) Update 8.2.3	13 Feb 201908:00	–	mskb
Kaspersky	KLA11351 Multiple vulnerabilities in Microsoft Dynamics	13 Nov 201800:00	–	kaspersky

Vulners

Node

microsoft microsoft_dynamics_365Match8

Source	Link
securitylab	www.securitylab.ru/vulnerability/496458.php
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8608
securityfocus	www.securityfocus.com/bid/105892
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2018111325
web	www.web.nvd.nist.gov/view/vuln/detail

23 Mar 2021 00:00Current

8High risk

Vulners AI Score8

CVSS 36.1

CVSS 26.4

EPSS0.01103

site protection weakness arbitrary code injection user downloaded pages phishing risk crafted requests dynamics 365 vulnerability