Описание
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker, and navigate to a malicious site where malicious code would execute a series of specially crafted queries.
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Dynamics 365 (on-premises) version 9.1 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
Уязвимость программного средства для планирования ресурсов Microsoft Dynamics 365, связанная с недостаточной защитой служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
6.5 Medium
CVSS3