Microsoft Dynamics 365
Recent Microsoft Dynamics 365 Security Advisories
Advisory | Title | Published |
---|---|---|
CVE-2023-24919 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | March 14, 2023 |
CVE-2023-24920 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | March 14, 2023 |
CVE-2023-24879 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | March 14, 2023 |
CVE-2023-24921 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | March 14, 2023 |
CVE-2023-24922 | Microsoft Dynamics 365 Information Disclosure Vulnerability | March 14, 2023 |
CVE-2023-24891 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | March 14, 2023 |
CVE-2023-21570 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | February 14, 2023 |
CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | February 14, 2023 |
CVE-2023-21573 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | February 14, 2023 |
CVE-2023-21571 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | February 14, 2023 |
By the Year
In 2023 there have been 12 vulnerabilities in Microsoft Dynamics 365 with an average score of 6.0 out of ten. Last year Dynamics 365 had 5 security vulnerabilities published. That is, 7 more vulnerabilities have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 1.83
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 12 | 5.98 |
2022 | 5 | 7.80 |
2021 | 8 | 6.24 |
2020 | 15 | 6.45 |
2019 | 3 | 6.70 |
2018 | 5 | 6.08 |
It may take a day or so for new Dynamics 365 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Dynamics 365 Security Vulnerabilities
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24879
5.4 - Medium
- March 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 Information Disclosure Vulnerability
CVE-2023-24922
7.5 - High
- March 14, 2023
Microsoft Dynamics 365 Information Disclosure Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24891
5.4 - Medium
- March 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24919
5.4 - Medium
- March 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24920
5.4 - Medium
- March 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-24921
5.4 - Medium
- March 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
CVE-2023-21778
8 - High
- February 14, 2023
Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-21573
5.4 - Medium
- February 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-21572
6.5 - Medium
- February 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-21571
5.4 - Medium
- February 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-21570
5.4 - Medium
- February 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2023-21807
6.5 - Medium
- February 14, 2023
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
CVE-2022-35805
8.8 - High
- September 13, 2022
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-34700.
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
CVE-2022-34700
8.8 - High
- September 13, 2022
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-35805.
SQL Injection
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.
CVE-2022-23259
8.8 - High
- April 15, 2022
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.
Improper Privilege Management
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.
CVE-2022-21957
7.2 - High
- February 09, 2022
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability.
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability.
CVE-2022-21932
5.4 - Medium
- January 11, 2022
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability.
XSS
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-42316
8.8 - High
- November 10, 2021
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2021-40457
6.1 - Medium
- October 13, 2021
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2021-41353
3.5 - Low
- October 13, 2021
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-41354
5.4 - Medium
- October 13, 2021
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2021-36950
5.4 - Medium
- August 12, 2021
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
CVE-2021-34524
8.8 - High
- August 12, 2021
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Dynamics Finance and Operations Cross-site Scripting Vulnerability
CVE-2021-28461
5.4 - Medium
- May 11, 2021
Dynamics Finance and Operations Cross-site Scripting Vulnerability
XSS
Microsoft Dataverse Information Disclosure Vulnerability
CVE-2021-24101
6.5 - Medium
- February 25, 2021
Microsoft Dataverse Information Disclosure Vulnerability
Information Disclosure
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-17158
8.8 - High
- December 10, 2020
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17152.
Code Injection
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
CVE-2020-17152
8.8 - High
- December 10, 2020
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17158.
Code Injection
Dynamics CRM Webclient Cross-site Scripting Vulnerability
CVE-2020-17147
5.4 - Medium
- December 10, 2020
Dynamics CRM Webclient Cross-site Scripting Vulnerability
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2020-17021
5.4 - Medium
- November 11, 2020
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17018.
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2020-17018
5.4 - Medium
- November 11, 2020
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17005, CVE-2020-17006, CVE-2020-17021.
XSS
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVE-2020-17005
5.4 - Medium
- November 11, 2020
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability This CVE ID is unique from CVE-2020-17006, CVE-2020-17018, CVE-2020-17021.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2020-16978
5.4 - Medium
- October 16, 2020
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16956.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2020-16956
5.4 - Medium
- October 16, 2020
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-16978.
XSS
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce
CVE-2020-16943
6.5 - Medium
- October 16, 2020
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce, aka 'Dynamics 365 Commerce Elevation of Privilege Vulnerability'.
AuthZ
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server
CVE-2020-16860
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.
Improper Input Validation
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server
CVE-2020-16862
8.8 - High
- September 11, 2020
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16860.
Improper Input Validation
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2020-1591
5.4 - Medium
- August 17, 2020
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2020-1063
5.4 - Medium
- May 21, 2020
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
XSS
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server
CVE-2018-8654
6.5 - Medium
- January 24, 2020
An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'.
Improper Privilege Management
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2020-0656
5.4 - Medium
- January 14, 2020
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2019-1375
5.4 - Medium
- October 10, 2019
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.
XSS
An elevation of privilege vulnerability exists in Dynamics On-Premise v9
CVE-2019-1229
8.8 - High
- August 14, 2019
An elevation of privilege vulnerability exists in Dynamics On-Premise v9, aka 'Dynamics On-Premise Elevation of Privilege Vulnerability'.
A security feature bypass vulnerability exists in Dynamics On Premise
CVE-2019-1008
5.9 - Medium
- May 16, 2019
A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2018-8605
5.4 - Medium
- November 14, 2018
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608.
XSS
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server
CVE-2018-8609
8.8 - High
- November 14, 2018
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
Output Sanitization
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2018-8608
5.4 - Medium
- November 14, 2018
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2018-8607
5.4 - Medium
- November 14, 2018
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608.
XSS
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server
CVE-2018-8606
5.4 - Medium
- November 14, 2018
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Dynamics 365 or by Microsoft? Click the Watch button to subscribe.
