CVE-2024-38166

2024-08-0622:15:54

CWE-79

microsoft

web.nvd.nist.gov

input neutralization flaw

microsoft dynamics 365

user tricking

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

27.8%

JSON

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.

Affected configurations

Nvd

Vulners

Node

microsoftdynamics_crm_service_portal_web_resourceMatch-

VendorProductVersionCPE
microsoftdynamics_crm_service_portal_web_resource-cpe:2.3:a:microsoft:dynamics_crm_service_portal_web_resource:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	dynamics_crm_service_portal_web_resource	-	cpe:2.3:a:microsoft:dynamics_crm_service_portal_web_resource:-:::::::*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Dynamics CRM Service Portal Web Resource",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_crm_service_portal_web_resource:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "N/A",
        "status": "affected"
      }
    ]
  }
]