Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-30061

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 9 July 2024

Summary

An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) could allow unauthorized users to access sensitive data. An attacker who successfully exploits this vulnerability could gain access to confidential information that should otherwise be protected from exposure. Organizations using Microsoft Dynamics 365 must be vigilant about their deployment and access controls to mitigate potential risks associated with this flaw.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.28.09

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed