{"id":15366,"date":"2020-08-15T00:19:00","date_gmt":"2020-08-14T22:19:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15366"},"modified":"2022-03-18T06:03:07","modified_gmt":"2022-03-18T05:03:07","slug":"microsoft-dynamics-365-schwachstelle-cve-2020-1182","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/08\/15\/microsoft-dynamics-365-schwachstelle-cve-2020-1182\/","title":{"rendered":"Microsoft Dynamics 365: Vulnerability CVE-2020-1182"},"content":{"rendered":"

[German<\/a>]A short addendum to the patchday August 11, 2020, where Microsoft has also released an update for Microsoft Dynamics 365. This will fix the remote execution vulnerability CVE-2020-1182.  <\/p>\n

<\/p>\n

In a security warning dated August 13, 2020 Microsoft explicitly points out this fact again.<\/p>\n

************************************************************
Title: Microsoft Security Update Releases
Issued: August 12, 2020
************************************************************
Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2020-1182<\/p>\n

Revision Information:
=====================<\/p>\n

* CVE-2020-1182<\/p>\n

CVE-2020-1182<\/a> | Microsoft Dynamics 365 for Finance and Operations (on-premises)
   Remote Code Execution Vulnerability
– Version 1.0
– Reason for Revision: Information published.
– Originally posted: August 12, 2020
– Updated: N\/A
– Aggregate CVE Severity Rating: Critical<\/p>\n

Vulnerability CVE-2020-1182<\/h2>\n

Vulnerability CVE-2020-1182<\/a> is a bug that allows remote code execution (RCE) on Microsoft Dynamics 365 (on-premises). Applies to Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could remotely execute code by executing server-side scripts on the victim's server.<\/p>\n

An authenticated attacker with permission to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server. The security update that Microsoft issued addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input. The updates are available from this page<\/a>.  <\/p>\n","protected":false},"excerpt":{"rendered":"

[German]A short addendum to the patchday August 11, 2020, where Microsoft has also released an update for Microsoft Dynamics 365. This will fix the remote execution vulnerability CVE-2020-1182. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[2542],"class_list":["post-15366","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-microsoft-dynamics-365"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15366"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15366\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}