CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1229 – Dynamics On-Premise Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1229
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. Existe una vulnerabilidad de elevación de privilegios en Dynamics On-Premise versión v9, también se conoce como "Dynamics On-Premise Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229 •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1008
https://notcve.org/view.php?id=CVE-2019-1008
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. Existe una vulnerabilidad de omisión de la característica de seguridad en Dynamics On Premise, también se conoce como 'Microsoft Dynamics On-Premise Security Feature Bypass'. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008 •