CVE-2020-1182

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11

Description: A remote code execution issue exists, allowing an attacker to gain remote code execution via server-side script execution on the victim server. An authenticated attacker with privileges to import and export data could exploit this by sending a specially crafted file to a vulnerable Dynamics server. The issue is related to errors in handling user input.

Recommendations: For Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, apply the security update that corrects how the software handles user input to address the issue. As a temporary workaround, consider restricting access to import and export data functionalities to minimize the risk of exploitation.