Main Vulnerability Database Vulnerabilities #VU20287

#VU20287 Code Injection in Microsoft Dynamics 365 - CVE-2019-1229

Published: August 14, 2019

Vulnerability identifier: #VU20287

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1229

CWE-ID: CWE-94

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Dynamics 365

Software vendor:
Microsoft

Description

The vulnerability allows a remote authenticated attacker to escalate privileges on the system.

The vulnerability exists due to improper input validation when processing XAML scripts. A remote privileged user with permission to author customized business rules in Dynamics can create a specially crafted XAML script and execute it on the system.

Successful exploitation of this vulnerability may allow an attacker to gain control of the Web Role hosting the Dynamics installation

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229

#VU20287 Code Injection in Microsoft Dynamics 365 - CVE-2019-1229

Description

Remediation

External links

Please verify you're human