Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA19247
HistorySep 13, 2022 - 12:00 a.m.

KLA19247 Multiple vulnerabilities in Microsoft Dynamics

2022-09-1300:00:00
Kaspersky Lab
threats.kaspersky.com
17
microsoft dynamics
arbitrary code execution
cve-2022-34700
cve-2022-35805
kb list.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.01

Percentile

84.3%

JSON

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Original advisories

CVE-2022-34700

CVE-2022-35805

Related products

Microsoft-Dynamics-AX

Microsoft-Dynamics-365

CVE list

CVE-2022-34700 critical

CVE-2022-35805 critical

KB list

5017524

5017226

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

  • Microsoft Dynamics CRM (on-premises) 9.0Microsoft Dynamics CRM (on-premises) 9.1

Related

mskb 2
nessus 1
cnvd 2
prion 2
mscve 2
cvelist 2
cve 2
nvd 2
malwarebytes 1
thn 1
talosblog 1
krebs 1
rapid7blog 1
mskb
mskb
Service-Update-0.40-for-Microsoft-Dynamics CRM ( on-premises)-9.0
2022-09-13 07:00:00
Service Update 1.12 for Microsoft Dynamics CRM (on-premises) 9.1
2022-09-13 07:00:00
nessus
nessus
Security Updates for Microsoft Dynamics 365 (on-premises) (September 2022)
2022-09-14 00:00:00
cnvd
cnvd
Microsoft Dynamics CRM Remote Code Execution Vulnerability
2022-09-15 00:00:00
Microsoft Dynamics CRM Remote Code Execution Vulnerability (CNVD-2022-63616)
2022-09-15 00:00:00
prion
prion
Remote code execution
2022-09-13 19:15:00
Remote code execution
2022-09-13 19:15:00
mscve
mscve
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
2022-09-13 07:00:00
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
2022-09-13 07:00:00
cvelist
cvelist
CVE-2022-34700 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
2022-09-13 18:41:32
CVE-2022-35805 Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
2022-09-13 18:41:50
cve
cve
CVE-2022-34700
2022-09-13 19:15:09
CVE-2022-35805
2022-09-13 19:15:11
nvd
nvd
CVE-2022-34700
2022-09-13 19:15:09
CVE-2022-35805
2022-09-13 19:15:11
malwarebytes
malwarebytes
Update now! Microsoft patches two zero-days
2022-09-14 12:00:00
thn
thn
Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day
2022-09-14 04:42:00
talosblog
talosblog
Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities
2022-09-13 18:01:00
krebs
krebs
Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday
2022-09-14 00:23:45
rapid7blog
rapid7blog
Patch Tuesday - September 2022
2022-09-13 20:11:08

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.01

Percentile

84.3%

JSON
Related for KLA19247
mskb2nessus1cnvd2prion2mscve2cvelist2cve2nvd2malwarebytes1thn1talosblog1krebs1rapid7blog1