Microsoft Dynamics 365 Sales Spoofing Vulnerability: What You Need to Know
CVE-2024-21328

7.6HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 13 February 2024

What is CVE-2024-21328?

The spoofing vulnerability in Dynamics 365 Sales allows attackers to impersonate legitimate users, potentially gaining unauthorized access to sensitive information and operating within the application as if they were a trusted entity. Exploitation of this vulnerability could lead to manipulation of data or services, creating significant risks for organizations that rely on this CRM platform for customer engagement and sales operations. Vigilance in monitoring and applying security patches is essential to mitigate associated risks.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.25.17

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 8, 2023