Erik Donker

**Name of the Vulnerable Software and Affected Versions** Microsoft Power Pages (affected versions not specified) **Description** Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized and unauthenticated attacker to execute code remotely over a network without requiring user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dataverse (affected versions not specified) **Description** A remote code execution issue has been identified. Information about this issue has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse (affected versions not specified) Description: Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dataverse (affected versions not specified) **Description** The issue is related to improper authentication in Microsoft Dataverse, allowing an authorized attacker to elevate privileges over a network. This can potentially lead to unauthorized access to sensitive data. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (On-Premises) (affected versions not specified) Description: The issue is related to improper authorization in the local software tool for resource planning in Microsoft Dynamics 365 (On-Premises). Exploitation of this issue may allow a remote attacker to disclose protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse (affected versions not specified) Description: An authenticated attacker can exploit an untrusted search path vulnerability in Microsoft Dataverse to execute code over a network. The vulnerability is related to the use of an untrusted search path, allowing a remote attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (On-Premises) (affected versions not specified) **Description** The issue is related to insufficient protection of service data, which can lead to information disclosure. An attacker, acting remotely, can exploit this to reveal protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue is related to a lack of protection for the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker could exploit this by using a specially crafted link to conduct remote attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dynamics 365 Sales (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface in Microsoft Dynamics 365, which can lead to spoofing attacks. A remote attacker can exploit this issue to conduct such attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 (on-premises) (affected versions not specified) **Description** The issue exists due to inadequate protection of the web page structure in Microsoft Dynamics 365, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics 365 Customer Voice (affected versions not specified) **Description** The issue is related to insufficient protection of the web page structure, allowing for cross-site scripting attacks. An attacker can exploit this to perform remote inter-site script attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Dynamics Unified Service Desk (affected versions not specified) **Description** The issue is related to incorrect code generation management in Microsoft Dynamics 365 Unified Service Desk, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.