Dynamics 365
CVE-2022-34700
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability
AnalysisAI
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability Affected products include: Microsoft Dynamics 365.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Dynamics 365
View allWeak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. R
Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabi
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabili
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity
Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability. Rated high severity
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. Rated high severity (CVSS 8.8), this vulnerabi
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to
Dynamics CRM Webclient Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotel
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerabil
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today