CVE-2020-16862

EPSS 4.05%
Veröffentlicht 11.09.2020 17:15:17
Zuletzt bearbeitet 21.11.2024 05:07:17
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account.
An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server.
The security update addresses the vulnerability by correcting how  Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p>

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Dynamics 365 Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.05%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16862

EUVD