Microsoft Dynamics 365: Vulnerability CVE-2020-1182

[German]A short addendum to the patchday August 11, 2020, where Microsoft has also released an update for Microsoft Dynamics 365. This will fix the remote execution vulnerability CVE-2020-1182. 


Advertising

In a security warning dated August 13, 2020 Microsoft explicitly points out this fact again.

************************************************************
Title: Microsoft Security Update Releases
Issued: August 12, 2020
************************************************************
Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2020-1182

Revision Information:
=====================


Advertising

* CVE-2020-1182

CVE-2020-1182 | Microsoft Dynamics 365 for Finance and Operations (on-premises)
   Remote Code Execution Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: August 12, 2020
– Updated: N/A
– Aggregate CVE Severity Rating: Critical

Vulnerability CVE-2020-1182

Vulnerability CVE-2020-1182 is a bug that allows remote code execution (RCE) on Microsoft Dynamics 365 (on-premises). Applies to Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could remotely execute code by executing server-side scripts on the victim's server.

An authenticated attacker with permission to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update that Microsoft issued addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input. The updates are available from this page


Cookies helps to fund this blog: Cookie settings
Advertising


##1

This entry was posted in Security, Software, Update and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *