Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2024-30061

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 (on-premises) Version 9.1
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-30061?

An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) could allow unauthorized users to access sensitive data. An attacker who successfully exploits this vulnerability could gain access to confidential information that should otherwise be protected from exposure. Organizations using Microsoft Dynamics 365 must be vigilant about their deployment and access controls to mitigate potential risks associated with this flaw.

Affected Version(s)

Microsoft Dynamics 365 (on-premises) version 9.1 Unknown 9.0 < 9.1.28.09

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024