Vulnerabilities fixed in Microsoft Dynamics

🗓️ 09 Feb 2021 00:00:00Reported by NCSCType

ncsc

ncsc🔗 advisories.ncsc.nl👁 2 Views

Microsoft Dynamics fixes two vulnerabilities that could allow impersonation or access to sensitive data.

Reporter	Title	Published	Views	Family All 28
BDU FSTEC	The vulnerability of Microsoft Dataverse, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.	23 Feb 202100:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system for small and medium-sized businesses lies in the lack of security measures for the website structure. This allows attackers to execute cross-site scripting attacks.	23 Feb 202100:00	–	bdu_fstec
Circl	CVE-2021-1724	26 Feb 202102:44	–	circl
CNNVD	Microsoft Dynamics Cross-Site Scripting Vulnerability	9 Feb 202100:00	–	cnnvd
CNNVD	Microsoft Dynamics 365 Information Disclosure Vulnerability	9 Feb 202100:00	–	cnnvd
CVE	CVE-2021-1724	25 Feb 202123:01	–	cve
CVE	CVE-2021-24101	25 Feb 202123:01	–	cve
Cvelist	CVE-2021-1724 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability	25 Feb 202123:01	–	cvelist
Cvelist	CVE-2021-24101 Microsoft Dataverse Information Disclosure Vulnerability	25 Feb 202123:01	–	cvelist
EUVD	EUVD-2021-7189	3 Oct 202520:07	–	euvd

09 Feb 2021 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 24

CVSS 3.16.5

EPSS0.15864

Microsoft Dynamics Impersonation risk Sensitive data access Security updates Vulnerability fixes