CVE-2019-1229

Name of the Vulnerable Software and Affected Versions Dynamics On-Premise version 9

Description An elevation of privilege issue exists, allowing an attacker to gain control of the Web Role hosting the Dynamics installation by leveraging a customizer privilege within Dynamics. To exploit this, an attacker needs credentials for a user with permission to author customized business rules in Dynamics and must persist XAML script in a way that causes it to be interpreted as code.

Recommendations For Dynamics On-Premise version 9, update to a version that restricts XAML activities to a whitelisted set to address the vulnerability.