Lucene search

K
kasperskyKaspersky LabKLA12313
HistoryOct 12, 2021 - 12:00 a.m.

KLA12313 Multiple vulnerabilities in Microsoft Dynamics

2021-10-1200:00:00
Kaspersky Lab
threats.kaspersky.com
9

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Detect date:

10/12/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface.

Affected products:

Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft Dynamics 365 Customer Engagement V9.1
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 Customer Engagement V9.0

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-40457
CVE-2021-41353
CVE-2021-41354

Impacts:

XSS/CSS

Related products:

Microsoft Dynamics 365

KB list:

4618795
4618810

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for KLA12313