Lucene search

Kaspersky LabKLA60564

HistorySep 12, 2023 - 12:00 a.m.

KLA60564 Multiple vulnerabilities in Microsoft Dynamics

2023-09-1200:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft dynamics

vulnerabilities

ui spoofing

xss/css

updates

kb list

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.1%

JSON

Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface.

Below is a complete list of vulnerabilities:

A cross-site-scripting (XSS) vulnerability Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
A cross-site-scripting (XSS) vulnerability Dynamics Finance and Operations can be exploited remotely to spoof user interface.

Original advisories

CVE-2023-36886

CVE-2023-38164

CVE-2023-36800

Related products

Microsoft-Dynamics-365

CVE list

CVE-2023-36886 high

CVE-2023-38164 high

CVE-2023-36800 high

KB list

5029396

5030608

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.