Microsoft Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30048

4.1MEDIUM

Key Information:

Vendor: Microsoft
Status: Dynamics 365
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-30048?

A spoofing vulnerability exists in Dynamics 365 Customer Insights, allowing an attacker to forge requests with the potential to impersonate legitimate users. This vulnerability may lead to unauthorized access or manipulation of sensitive information within the application. Microsoft has provided guidance for organizations to remediate this issue and enhance their security posture against this type of attack.

Affected Version(s)

Dynamics 365 Unknown 10.0.0 < 1.38813.80

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 22, 2024