Unauthorized Access to Elevated Privileges in Microsoft Dynamics 365
CVE-2024-38182
9.8CRITICAL
Key Information:
- Vendor
- Microsoft
- Vendor
- CVE Published:
- 31 July 2024
Summary
A vulnerability exists in Microsoft Dynamics 365 due to weak authentication mechanisms that permit an unauthenticated attacker to gain elevated privileges. This weakness can be exploited over a network, posing a risk to sensitive information and the overall security posture of the systems utilizing Dynamics 365. It is crucial for organizations to address this vulnerability to maintain the integrity of their business processes and protect against potential unauthorized access.
Affected Version(s)
Dynamics 365 Field Service (on-premises) v7 series Unknown
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published