CVE-2020-16862

EPSS 4.05%
Published 11.09.2020 17:15:17
Last modified 21.11.2024 05:07:17
Source secure@microsoft.com
Teams watchlist Login
Open Login

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account.
An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server.
The security update addresses the vulnerability by correcting how  Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p>

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Dynamics 365 Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.05%	0.881

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secure@microsoft.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16862

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-16862

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16862

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16862

EUVD