Описание
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics CRM database.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
The attacker must be authenticated to be able to exploit this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Dynamics CRM (on-premises) 9.1 | ||
| Microsoft Dynamics CRM (on-premises) 9.0 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.8 High
CVSS3
Связанные уязвимости
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.
Уязвимость программного средства для планирования ресурсов Microsoft Dynamics CRM, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольный код
EPSS
8.8 High
CVSS3