Lucene search
MicrosoftCVE-2024-38182HistoryJul 31, 2024 - 11:15 p.m.
CVE-2024-38182
2024-07-3123:15:13
CWE-1390
microsoft
web.nvd.nist.gov
40
microsoft dynamics 365
weak authentication
privilege elevation
network-based vulnerability
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.001
Percentile
39.5%
Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
Affected configurations
Node
microsoftdynamics_365Matchn\/afield_service
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | dynamics_365 | n/a | cpe:2.3:a:microsoft:dynamics_365:n\/a:*:*:*:*:field_service:*:* |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Dynamics 365 Field Service (on-premises) v7 series",
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365:7.0:*:*:*:*:field_service:*:*"
],
"platforms": [
"Unknown"
],
"versions": [
{
"version": "N/A",
"status": "affected"
}
]
}
]Related
mscve
mscve
Microsoft Dynamics 365 Elevation of Privilege Vulnerability
2024-07-31 07:00:00
kaspersky
kaspersky
KLA71258 PE vulnerability in Microsoft Dynamics
2024-07-31 00:00:00
nvd
nvd
CVE-2024-38182
2024-07-31 23:15:13
cvelist
cvelist
CVE-2024-38182 Microsoft Dynamics 365 Elevation of Privilege Vulnerability
2024-07-31 23:00:11
vulnrichment
vulnrichment
CVE-2024-38182 Microsoft Dynamics 365 Elevation of Privilege Vulnerability
2024-07-31 23:00:11
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.001
Percentile
39.5%
Related for CVE-2024-38182