CVE-2023-36429
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
In short
Microsoft Dynamics 365 (On-Premises) allows unauthorized users to access sensitive information they shouldn't be able to see. This matters because confidential business data could be exposed without proper authentication.
Technical detail
An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) permits unauthenticated or low-privileged attackers to retrieve sensitive data through improper access controls. The vulnerability stems from insufficient validation of user permissions, allowing bypass of data classification protections without requiring exploitation of additional components.
Summary generated and translated by AI from the official description.
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Affected products
Microsoft · Microsoft Dynamics 365 (on-premises) version 9.0Microsoft · Microsoft Dynamics 365 (on-premises) version 9.1Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →