Dynamics 365
CVE-2018-8609
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365.
AnalysisAI
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-116. A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. Affected products include: Microsoft Dynamics 365. Version information: version 8.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Dynamics 365
View allWeak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. R
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. Rated high severity (CVSS 8.8), this vulnerabi
Dynamics CRM Webclient Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotel
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Same weakness CWE-116 – Improper Encoding or Escaping of Output
View allShare
External POC / Exploit Code
Leaving vuln.today