PT-2020-3977 · Microsoft · Dynamics 365 For Finance/Operations
Nicolas Joly · Published 2020-08-09 · Updated 2023-12-31 · CVE-2020-16857
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:S/C:P/I:C/A:N
Name of the Vulnerable Software and Affected Versions:
Microsoft Dynamics 365 for Finance and Operations version 10.0.11
Description:
The issue is related to errors in input data processing, which can allow a remote attacker to execute arbitrary code. An authenticated attacker with privileges to import and export data could exploit this by sending a specially crafted file to a vulnerable server. The vulnerability is addressed by correcting how the software handles user input.
Recommendations:
For version 10.0.11, apply the security update that corrects how Microsoft Dynamics 365 for Finance and Operations handles user input. As a temporary workaround, consider restricting access to the data import and export functionality to minimize the risk of exploitation.
Fix
RCE
Affected Products
Dynamics 365 For Finance/Operations