CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1229 – Dynamics On-Premise Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2019-1229
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. Existe una vulnerabilidad de elevación de privilegios en Dynamics On-Premise versión v9, también se conoce como "Dynamics On-Premise Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229 •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1008
https://notcve.org/view.php?id=CVE-2019-1008
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. Existe una vulnerabilidad de omisión de la característica de seguridad en Dynamics On Premise, también se conoce como 'Microsoft Dynamics On-Premise Security Feature Bypass'. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8608
https://notcve.org/view.php?id=CVE-2018-8608
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando Microsoft Dynamics 365 (on-premises), versión 8, no sanea correctamente una petición web especialmente manipulada a un servidor Dynamics afectado. Esto también se conoce como "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability". • http://www.securityfocus.com/bid/105892 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8607
https://notcve.org/view.php?id=CVE-2018-8607
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando Microsoft Dynamics 365 (on-premises), versión 8, no sanea correctamente una petición web especialmente manipulada a un servidor Dynamics afectado. Esto también se conoce como "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability". • http://www.securityfocus.com/bid/105891 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8606
https://notcve.org/view.php?id=CVE-2018-8606
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando Microsoft Dynamics 365 (on-premises), versión 8, no sanea correctamente una petición web especialmente manipulada a un servidor Dynamics afectado. Esto también se conoce como "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability". • http://www.securityfocus.com/bid/105890 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8606 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •