Unrated severityNVD Advisory· Published Sep 11, 2020· Updated Aug 4, 2024
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-16857
Description
<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p> <p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p>
Affected products
1- cpe:2.3:a:microsoft:dynamics_365:-:*:*:*:*:finance_and_operations:*:*Range: 10.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16857mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.