Kaspersky LabKLA11750KLA11750 Multiple vulnerability in Microsoft Dynamics
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%
Detect date:
04/14/2020
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, obtain sensitive information.
Affected products:
Dynamics 365 Server, version 9.0 (on-premises)
Microsoft Dynamics 365 BC On Premise
Microsoft Dynamics NAV 2017
Microsoft Dynamics NAV 2016
Dynamics 365 Business Central 2019 Spring Update
Microsoft Dynamics NAV 2018
Microsoft Dynamics NAV 2013
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2015
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-1022
CVE-2020-1050
CVE-2020-1049
CVE-2020-1018
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-10226.0High
CVE-2020-10504.3Warning
CVE-2020-10493.5Warning
CVE-2020-10185.0Warning
KB list:
4538593
4549673
4557700
4557699
4549676
4549674
4549678
4549675
4549677
Microsoft official advisories:
References
support.microsoft.com/kb/4538593
support.microsoft.com/kb/4549673
support.microsoft.com/kb/4549674
support.microsoft.com/kb/4549675
support.microsoft.com/kb/4549676
support.microsoft.com/kb/4549677
support.microsoft.com/kb/4549678
support.microsoft.com/kb/4557699
support.microsoft.com/kb/4557700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1050
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1018
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1022
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1049
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-1050
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Dynamics-365/
Related
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.5%