CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
55.0%
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to perform cross-site scripting attack, spoof user interface, obtain sensitive information.
Below is a complete list of vulnerabilities:
CVE-2024-21393 critical
CVE-2024-21328 critical
CVE-2024-21327 critical
CVE-2024-21389 critical
CVE-2024-21396 critical
CVE-2024-21380 critical
CVE-2024-21394 critical
CVE-2024-21395 critical
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.
Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.
support.microsoft.com/kb/5035110
support.microsoft.com/kb/5035205
support.microsoft.com/kb/5035206
support.microsoft.com/kb/5035207
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21327
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21328
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21389
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21393
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21394
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21395
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21396
statistics.securelist.com/
threats.kaspersky.com/en/product/Microsoft-Dynamics-365/