Microsoft Dynamics 365 Customer Insights Spoofing Vulnerability
CVE-2024-30048

7.6HIGH

Key Information:

Vendor: Microsoft
Status: Dynamics 365
Vendor: CVE Published:; 14 May 2024

Summary

A spoofing vulnerability exists in Dynamics 365 Customer Insights, allowing an attacker to forge requests with the potential to impersonate legitimate users. This vulnerability may lead to unauthorized access or manipulation of sensitive information within the application. Microsoft has provided guidance for organizations to remediate this issue and enhance their security posture against this type of attack.

Affected Version(s)

Dynamics 365 Unknown 10.0.0 < 1.38813.80

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 22, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed