CVE-2023-24922
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
In short
A flaw in Microsoft Dynamics 365 (On-Premises) allows unauthorized users to access sensitive information they shouldn't see. An attacker with basic access to the system could read confidential data without proper authorization.
Technical detail
CWE-643 (Improper Neutralization of Data Queries) in Dynamics 365 On-Premises allows information disclosure through insufficient access controls. An authenticated attacker can bypass query restrictions to access sensitive data; the vulnerability requires existing system access but results in unauthorized information exposure.
Summary generated and translated by AI from the official description.
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Dynamics 365 (on-premises) version 9.0Microsoft · Microsoft Dynamics 365 (on-premises) version 9.1Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →