Filtered by vendor Microsoft
Subscriptions
Filtered by product Dynamics 365
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1229 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. | ||||
| CVE-2019-1008 | 1 Microsoft | 2 Dynamics 365, Dynamics Crm 2015 | 2024-11-21 | N/A |
| A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. | ||||
| CVE-2018-8654 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 6.5 Medium |
| An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | ||||
| CVE-2018-8609 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | ||||
| CVE-2018-8608 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | ||||
| CVE-2018-8607 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | ||||
| CVE-2018-8606 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | ||||
| CVE-2018-8605 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | N/A |
| A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | ||||
| CVE-2024-38211 | 1 Microsoft | 1 Dynamics 365 | 2024-10-16 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-43476 | 1 Microsoft | 1 Dynamics 365 | 2024-10-09 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-38182 | 1 Microsoft | 1 Dynamics 365 | 2024-10-08 | 9 Critical |
| Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | ||||