CVE-2020-16862

Published: 11/09/2020 Updated: 31/12/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.1 | Impact Score: 5.5 | Exploitability Score: 1.6

VMScore: 580

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p>

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft dynamics 365 9.0

Enjoyed the US Labor Day weekend? Because it's September 2020 and Exchange Server can be pwned via email

The Register • Shaun Nichols in San Francisco • 08 Sep 2020

Don't be so smug, Mac users, you're open to an InDesign project file

A nightmare flaw for Exchange Server headlines this month's Patch Tuesday lineup from Microsoft and others. September sees a bundle of 129 CVE-listed flaws patched by Microsoft. The vast majority of those, 105 in total, are classified as 'important' risks. Another 23 are considered critical bugs, and one is listed as moderate. None of the bugs have public exploit code or in-the-wild attacks yet. Of the nearly two-dozen critical patches, Zero Day Initiative's Dustin Childs says that far and away ...

CVE-2020-16862

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect