CVE-2023-36429

Published: Oct 10, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: secure@microsoft.com (Secondary)

Description

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Affected (2)

Products: Microsoft: Dynamics 365

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Dynamics 365	From 9.0 to 9.0.50.03
Microsoft Dynamics 365	From 9.1 to 9.1.22.04

Related CWEs

Improper Neutralization of Data within XPath Expressions ('XPath Injection')

The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429

Source: secure@microsoft.com

PatchVendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36429

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.