Lucene search

K
kasperskyKaspersky LabKLA11953
HistorySep 08, 2020 - 12:00 a.m.

KLA11953 Multiple vulnerabilities in Microsoft Dynamics

2020-09-0800:00:00
Kaspersky Lab
threats.kaspersky.com
10

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

Detect date:

09/08/2020

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Affected products:

Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2020-16872
CVE-2020-16860
CVE-2020-16862
CVE-2020-16864
CVE-2020-16878
CVE-2020-16861
CVE-2020-16871
CVE-2020-16858
CVE-2020-16859
CVE-2020-16857

Impacts:

ACE

Related products:

Microsoft Dynamics 365

CVE-IDS:

CVE-2020-168727.6Critical
CVE-2020-168606.8High
CVE-2020-168627.1High
CVE-2020-168645.4High
CVE-2020-168785.4High
CVE-2020-168615.4High
CVE-2020-168715.4High
CVE-2020-168585.4High
CVE-2020-168595.4High
CVE-2020-168577.1High

KB list:

4577501
4574742

Microsoft official advisories:

References

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%