Unauthorized Access to Elevated Privileges in Microsoft Dynamics 365
CVE-2024-38182

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Dynamics 365 Field Service (on-premises) V7 Series
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-38182?

A vulnerability exists in Microsoft Dynamics 365 due to weak authentication mechanisms that permit an unauthenticated attacker to gain elevated privileges. This weakness can be exploited over a network, posing a risk to sensitive information and the overall security posture of the systems utilizing Dynamics 365. It is crucial for organizations to address this vulnerability to maintain the integrity of their business processes and protect against potential unauthorized access.

Affected Version(s)

Dynamics 365 Field Service (on-premises) v7 series Unknown

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024