CVE-2018-8609

Опубликовано: 13 нояб. 2018

Источник: msrc

EPSS Средний

Описание

Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.

Обновления

Продукт	Статья	Обновление
Microsoft Dynamics 365 (on-premises) version 8	4467675	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

DOS

N/A

EPSS

Процентиль: 97%

0.3099

Средний

Связанные уязвимости

CVE-2018-8609

CVSS3: 8.8

nvd

почти 7 лет назад

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.

GHSA-h52h-3mwv-hvcq

CVSS3: 8.8

github

больше 3 лет назад

BDU:2018-01385

CVSS3: 9.8

fstec

почти 7 лет назад

Уязвимость программного средства для планирования ресурсов Microsoft Dynamics 365, связанная с недостаточной защитой структуры SQL-запроса, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 97%

0.3099

Средний