KLA48561 Multiple vulnerabilities in Microsoft Dynamics

Multiple vulnerabilities were found in Microsoft Dynamics 365. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. Security UI vulnerability in Microsoft Dynamics 365 (on-premises) can be exploited remotely to spoof user interface.
2. An information disclosure vulnerability in Microsoft Dynamics 365 can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2023-24920

CVE-2023-24891

CVE-2023-24922

CVE-2023-24919

CVE-2023-24921

CVE-2023-24879

Related products

Microsoft-Dynamics-365

CVE list

CVE-2023-24920 high

CVE-2023-24891 high

CVE-2023-24922 high

CVE-2023-24919 high

CVE-2023-24921 high

CVE-2023-24879 high

KB list

5023506

5023505

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• XSS/CSS

Cross site scripting. Exploitation of vulnerabilities with this impact can lead to partial interception of information transmitted between user and site.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Dynamics 365 (on-premises) version 9.1Microsoft Dynamics 365 (on-premises) version 9.0