Dynamics 365
by Microsoft
CVEs (56)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32210 | | Cri | 0.60 | 9.3 | 0.01 | | Apr 23, 2026 | Server-side request forgery (SSRF) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-42833 | | Cri | 0.59 | 9.1 | 0.01 | | May 12, 2026 | Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
| CVE-2026-40371 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 9, 2026 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-33103 | | Med | 0.36 | 5.5 | 0.00 | | Apr 14, 2026 | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. |
| CVE-2020-1022 | | | 0.03 | — | 0.07 | | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. |
| CVE-2020-0905 | | | 0.03 | — | 0.11 | | Mar 12, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'. |
| CVE-2021-24101 | | | 0.01 | — | 0.03 | | Feb 25, 2021 | Microsoft Dataverse Information Disclosure Vulnerability |
| CVE-2020-17133 | | | 0.01 | — | 0.04 | | Dec 9, 2020 | Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability |
| CVE-2020-1182 | | | 0.01 | — | 0.03 | | Aug 17, 2020 | A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An… |
| CVE-2019-1229 | | | 0.01 | — | 0.03 | | Aug 14, 2019 | An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this… |
| CVE-2018-8609 | | | 0.01 | — | 0.09 | | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This… |
| CVE-2026-47647 | | | 0.00 | — | 0.00 | | Jun 18, 2026 | Improper access control in Microsoft Dynamics 365 allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-21177 | | | 0.00 | — | 0.01 | | Feb 6, 2025 | Server-side request forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network. |
| CVE-2024-49053 | | | 0.00 | — | 0.01 | | Nov 26, 2024 | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2024-38166 | | | 0.00 | — | 0.01 | | Aug 6, 2024 | An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link. |
| CVE-2024-38182 | | | 0.00 | — | 0.01 | | Jul 31, 2024 | Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. |
| CVE-2024-30061 | | | 0.00 | — | 0.01 | | Jul 9, 2024 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
| CVE-2024-30048 | | | 0.00 | — | 0.01 | | May 14, 2024 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30047 | | | 0.00 | — | 0.01 | | May 14, 2024 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2023-28309 | | | 0.00 | — | 0.01 | | Apr 11, 2023 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |