6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
51.5%
03/14/2023
High
Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information.
Microsoft Dynamics 365 (on-premises) version 9.1
Microsoft Dynamics 365 (on-premises) version 9.0
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
CVE-2023-24920
CVE-2023-24891
CVE-2023-24922
CVE-2023-24919
CVE-2023-24921
CVE-2023-24879
OSI
CVE-2023-249205.4High
CVE-2023-248915.4High
CVE-2023-249226.5High
CVE-2023-249195.4High
CVE-2023-249215.4High
CVE-2023-248795.4High
support.microsoft.com/kb/5023505
support.microsoft.com/kb/5023506
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24891
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24920
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24922
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24879
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24891
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24919
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24920
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24921
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24922
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Dynamics-365/
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
51.5%