CVE-2022-21932 - Vulnerability Details

Vendors	Products
Microsoft	Dynamics 365

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932

Type	Values Removed	Values Added
References		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932

Type	Values Removed	Values Added
References	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932

Show plain JSON

{"containers": {"cna": {"title": "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability", "datePublic": "2022-01-11T08:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:customer_engagement:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.34.12"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Customer Engagement V9.0", "platforms": ["Unknown"], "versions": [{"version": "9.0.0", "lessThan": "9.0.34.12", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Spoofing", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T18:22:49.850Z"}, "references": [{"name": "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:00:53.853Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2022-21932", "datePublished": "2022-01-11T20:23:26", "dateReserved": "2021-12-14T00:00:00", "dateUpdated": "2025-01-02T18:22:49.850Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

title : Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability (string)

datePublic : 2022-01-11T08:00:00+00:00 (string)

cpeApplicability : [ »

0 : { »

nodes : [ »

0 : { »

operator : OR (string)

negate : false (boolean)

cpeMatch : [ »

0 : { »

vulnerable : true (boolean)

criteria : cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:customer_engagement:*:*:* (string)

versionStartIncluding : 9.0.0 (string)

versionEndExcluding : 9.0.34.12 (string)

}

]

}

]

}

]

affected : [ »

0 : { »

vendor : Microsoft (string)

product : Microsoft Dynamics 365 Customer Engagement V9.0 (string)

platforms : [ »

0 : Unknown (string)

]

versions : [ »

0 : { »

version : 9.0.0 (string)

lessThan : 9.0.34.12 (string)

versionType : custom (string)

status : affected (string)

}

]

}

]

descriptions : [ »

0 : { »

value : Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability (string)

lang : en-US (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Spoofing (string)

lang : en-US (string)

type : Impact (string)

}

]

}

]

providerMetadata : { »

orgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

shortName : microsoft (string)

dateUpdated : 2025-01-02T18:22:49.850Z (string)

}

references : [ »

0 : { »

name : Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

]

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932 (string)

}

]

metrics : [ »

0 : { »

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en-US (string)

value : GENERAL (string)

}

]

cvssV3_1 : { »

version : 3.1 (string)

baseSeverity : HIGH (string)

baseScore : 7.6 (number)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T03:00:53.853Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f38d906d-7342-40ea-92c1-6c4a2c6478c8 (string)

assignerShortName : microsoft (string)

cveId : CVE-2022-21932 (string)

datePublished : 2022-01-11T20:23:26 (string)

dateReserved : 2021-12-14T00:00:00 (string)

dateUpdated : 2025-01-02T18:22:49.850Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:dynamics_365:9.0:*:*:*:customer_engagement:*:*:*", "matchCriteriaId": "265E0AE8-1E2A-4E0B-B4CB-2D3B048AF9AD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability"}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting de Microsoft Dynamics 365 Customer Engagement"}], "id": "CVE-2022-21932", "lastModified": "2024-11-21T06:45:44.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-11T21:15:13.993", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microsoft:dynamics_365:9.0:*:*:*:customer_engagement:*:*:* (string)

matchCriteriaId : 265E0AE8-1E2A-4E0B-B4CB-2D3B048AF9AD (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de tipo Cross-Site Scripting de Microsoft Dynamics 365 Customer Engagement (string)

}

]

id : CVE-2022-21932 (string)

lastModified : 2024-11-21T06:45:44.010 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.6 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 4.7 (number)

source : secure@microsoft.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-01-11T21:15:13.993 (string)

references : [ »

0 : { »

source : secure@microsoft.com (string)

url : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21932 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21932 (string)

}

]

sourceIdentifier : secure@microsoft.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object