Filtered by vendor Microsoft Subscriptions
Filtered by product Dynamics 365 Subscriptions
Total 90 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-1229 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set.
CVE-2019-1008 1 Microsoft 2 Dynamics 365, Dynamics Crm 2015 2024-11-21 N/A
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.
CVE-2018-8654 1 Microsoft 1 Dynamics 365 2024-11-21 6.5 Medium
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.
CVE-2018-8609 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
CVE-2018-8608 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607.
CVE-2018-8607 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608.
CVE-2018-8606 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608.
CVE-2018-8605 1 Microsoft 1 Dynamics 365 2024-11-21 N/A
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608.
CVE-2024-38211 1 Microsoft 1 Dynamics 365 2024-10-16 8.2 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2024-43476 1 Microsoft 1 Dynamics 365 2024-10-09 7.6 High
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability