CVE-2023-36433
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
In short
A vulnerability in Microsoft Dynamics 365 on-premises allows unauthorized users to access sensitive information that should be restricted. This happens due to improper access controls, potentially exposing confidential business data.
Technical detail
CWE-643 (XML External Entity Processing) enables information disclosure in Dynamics 365 on-premises through improper authorization checks. An authenticated attacker can exploit insufficient access control mechanisms to retrieve sensitive data; mitigation requires proper access validation and security configuration review.
Summary generated and translated by AI from the official description.
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Dynamics 365 (on-premises) version 9.0Microsoft · Microsoft Dynamics 365 (on-premises) version 9.1Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →