7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
6.9 Medium
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%
09/08/2020
Critical
Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.
Dynamics 365 for Finance and Operations
Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 (on-premises) version 8.2
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
CVE-2020-16872
CVE-2020-16860
CVE-2020-16862
CVE-2020-16864
CVE-2020-16878
CVE-2020-16861
CVE-2020-16871
CVE-2020-16858
CVE-2020-16859
CVE-2020-16857
ACE
CVE-2020-168727.6Critical
CVE-2020-168606.8High
CVE-2020-168627.1High
CVE-2020-168645.4High
CVE-2020-168785.4High
CVE-2020-168615.4High
CVE-2020-168715.4High
CVE-2020-168585.4High
CVE-2020-168595.4High
CVE-2020-168577.1High
support.microsoft.com/kb/4574742
support.microsoft.com/kb/4577501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16858
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16859
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16862
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16864
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16878
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16857
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16858
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16859
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16860
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16861
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16862
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16864
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16871
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16872
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16878
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Dynamics-365/
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
6.9 Medium
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%