PT-2020-4022 · Microsoft · Dynamics 365

Ashar Javed · Published 2020-09-08 · Updated 2023-12-31 · CVE-2020-16860

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 (on-premises) (affected versions not specified)
Description: A remote code execution issue exists due to the server's failure to properly sanitize web requests. An authenticated attacker could exploit this by sending a specially crafted request, potentially allowing them to run arbitrary code in the context of the SQL service account. The issue is related to insufficient input validation.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-04422
CVE-2020-16860

Affected Products

Dynamics 365