cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49053,https://securityvulnerability.io/vulnerability/CVE-2024-49053,Spoofing Vulnerability in Microsoft Dynamics 365 Sales,"CVE-2024-49053 is a spoofing vulnerability in Microsoft Dynamics 365 Sales, which could allow an attacker to impersonate other users and manipulate communications within the application. This exploitation may lead to unauthorized access and manipulation of sensitive data. Organizations using this platform should apply necessary security patches and monitor their systems for any unusual activity to mitigate potential risks.",Microsoft,"Dynamics 365 Sales For Android,Dynamics 365 Sales For iOS",7.6,HIGH,0.0004900000058114529,false,true,false,true,,false,false,2024-11-26T20:15:00.000Z,0
CVE-2024-43460,https://securityvulnerability.io/vulnerability/CVE-2024-43460,Dynamics 365 Business Central Elevation of Privilege Vulnerability,"An improper authorization vulnerability has been identified in Dynamics 365 Business Central, a cloud-based ERP solution from Microsoft. This vulnerability allows an authenticated attacker to escalate their privileges over a network, which could lead to unauthorized access to sensitive information or system functionalities. Users are advised to apply the latest security updates to mitigate the risk associated with this vulnerability.",Microsoft,Dynamics 365 Business Central Online,8.8,HIGH,0.00046999999904073775,false,false,false,false,,false,false,2024-09-17T19:15:00.000Z,0
CVE-2024-43476,https://securityvulnerability.io/vulnerability/CVE-2024-43476,Cross-site Scripting Vulnerability in Microsoft Dynamics 365 (on-premises),Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,5.4,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-09-10T16:54:17.526Z,0
CVE-2024-38225,https://securityvulnerability.io/vulnerability/CVE-2024-38225,Elevation of Privilege Vulnerability,"An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Business Central, potentially allowing an attacker to gain unauthorized access to sensitive functionalities within the application. This vulnerability can be exploited by malicious individuals to manipulate the behavior of the application and access resources that should be restricted, compromising the integrity and confidentiality of the environment. It is essential for users of Dynamics 365 Business Central to apply the necessary patches released by Microsoft to mitigate the risk associated with this vulnerability. For more detailed information, refer to the Microsoft advisory.",Microsoft,"Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2024 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",9.8,CRITICAL,0.0014199999859556556,false,false,false,false,,false,false,2024-09-10T16:53:56.595Z,0
CVE-2024-38211,https://securityvulnerability.io/vulnerability/CVE-2024-38211,Cross-site Scripting Vulnerability Impacts Dynamics 365 (on-premises),"A cross-site scripting vulnerability in Microsoft Dynamics 365 (on-premises) enables an attacker to inject arbitrary web script or HTML into a user's browser session. This could lead to unauthorized actions or exposure of sensitive information, as affected users may be tricked into executing scripts that compromise their security. It is crucial for organizations using Microsoft Dynamics 365 on-premises to apply necessary patches and updates to mitigate potential exploitation of this vulnerability.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,8.2,HIGH,0.0014900000533089042,false,false,false,false,,false,false,2024-08-13T17:30:34.256Z,0
CVE-2024-38182,https://securityvulnerability.io/vulnerability/CVE-2024-38182,Unauthorized Access to Elevated Privileges in Microsoft Dynamics 365,"A vulnerability exists in Microsoft Dynamics 365 due to weak authentication mechanisms that permit an unauthenticated attacker to gain elevated privileges. This weakness can be exploited over a network, posing a risk to sensitive information and the overall security posture of the systems utilizing Dynamics 365. It is crucial for organizations to address this vulnerability to maintain the integrity of their business processes and protect against potential unauthorized access.",Microsoft,Dynamics 365 Field Service (on-premises) V7 Series,9,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-07-31T23:15:00.000Z,0
CVE-2024-30061,https://securityvulnerability.io/vulnerability/CVE-2024-30061,Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability,An information disclosure vulnerability in Microsoft Dynamics 365 (On-Premises) could allow unauthorized users to access sensitive data. An attacker who successfully exploits this vulnerability could gain access to confidential information that should otherwise be protected from exposure. Organizations using Microsoft Dynamics 365 must be vigilant about their deployment and access controls to mitigate potential risks associated with this flaw.,Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.3,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-07-09T17:15:00.000Z,0
CVE-2024-35263,https://securityvulnerability.io/vulnerability/CVE-2024-35263,Microsoft Dynamics 365 On-Premises Information Disclosure Vulnerability,Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability,Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,5.7,MEDIUM,0.0035099999513477087,false,false,false,false,,false,false,2024-06-11T17:00:08.880Z,0
CVE-2024-35249,https://securityvulnerability.io/vulnerability/CVE-2024-35249,Remote Code Execution Vulnerability Affects Microsoft Dynamics 365 Business Central,"The vulnerability in Microsoft Dynamics 365 Business Central enables remote code execution, allowing attackers to potentially execute arbitrary code on the server hosting the application. This risk arises due to improper validation of user input, which may be exploited to gain control over affected installations. Organizations utilizing Microsoft Dynamics 365 Business Central should assess their systems and apply necessary updates to mitigate this vulnerability. For detailed information and mitigation strategies, refer to the Microsoft security advisory.",Microsoft,"Microsoft Dynamics 365 Business Central 2024 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",8.8,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-06-11T17:00:06.410Z,0
CVE-2024-35248,https://securityvulnerability.io/vulnerability/CVE-2024-35248,Elevation of Privilege Vulnerability Affects Business Central,"The vulnerability within Microsoft Dynamics 365 Business Central pertains to an elevation of privilege, which may allow attackers to gain unauthorized access to sensitive functionalities of the application. This situation arises from improper validation of user permissions, enabling exploiters to perform actions that they are otherwise not authorized to carry out. It is essential for users and administrators to assess their deployments and take necessary mitigation steps to safeguard their environments from potential exploitation.",Microsoft,"Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2,Microsoft Dynamics 365 Business Central 2024 Release Wave 1",7.3,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-06-11T17:00:05.663Z,0
CVE-2024-30048,https://securityvulnerability.io/vulnerability/CVE-2024-30048,Microsoft Dynamics 365 Customer Insights Spoofing Vulnerability,"A spoofing vulnerability exists in Dynamics 365 Customer Insights, allowing an attacker to forge requests with the potential to impersonate legitimate users. This vulnerability may lead to unauthorized access or manipulation of sensitive information within the application. Microsoft has provided guidance for organizations to remediate this issue and enhance their security posture against this type of attack.",Microsoft,Dynamics 365,7.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:57:31.297Z,0
CVE-2024-30047,https://securityvulnerability.io/vulnerability/CVE-2024-30047,Microsoft Dynamics 365 Customer Insights Spoofing Vulnerability,"The vulnerability in Dynamics 365 Customer Insights exposes users to potential spoofing attacks, enabling malicious actors to impersonate legitimate users. This can lead to unauthorized access and manipulation of sensitive data, compromising the integrity and confidentiality of customer insights. Organizations utilizing Dynamics 365 Customer Insights must assess their security posture and implement protective measures to mitigate risks associated with this vulnerability.",Microsoft,Dynamics 365,7.6,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-14T16:57:30.764Z,0
CVE-2024-21419,https://securityvulnerability.io/vulnerability/CVE-2024-21419,Cross-site Scripting Vulnerability Affects Microsoft Dynamics 365 (On-premises),"A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (on-premises) that could allow an attacker to execute arbitrary scripts in the context of a user's session. By exploiting this vulnerability, an unauthorized user could potentially gain access to sensitive information, manipulate user sessions, or redirect users to malicious websites. It is essential for organizations using affected versions of Microsoft Dynamics 365 to assess their security posture and apply the necessary mitigations to prevent exploitation.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0005099999834783375,false,false,false,false,,false,false,2024-03-12T16:58:00.401Z,0
CVE-2024-21395,https://securityvulnerability.io/vulnerability/CVE-2024-21395,Cross-site Scripting Vulnerability Affects Microsoft Dynamics 365 (On-premises),"The Microsoft Dynamics 365 (on-premises) Cross-site Scripting vulnerability presents significant security risks for user data and sessions. This vulnerability can allow attackers to inject malicious scripts into web pages, potentially compromising user interactions and allowing unauthorized access to sensitive information. Organizations utilizing this product must prioritize security measures to mitigate the risks associated with this vulnerability.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,8.2,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T18:02:45.175Z,0
CVE-2024-21380,https://securityvulnerability.io/vulnerability/CVE-2024-21380,Information Disclosure Vulnerability,"An information disclosure vulnerability exists in Microsoft Dynamics Business Central and NAV, which can potentially expose sensitive data to unauthorized users. This vulnerability stems from improper handling of user requests, allowing an attacker to gain access to confidential information. Organizations utilizing these platforms should take immediate action to assess their system configurations and apply relevant security updates to mitigate the risks associated with this vulnerability.",Microsoft,"Microsoft Dynamics 365 Business Central 2022 Release Wave 2,Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",8,HIGH,0.0035099999513477087,false,false,false,false,,false,false,2024-02-13T18:02:43.563Z,0
CVE-2024-21328,https://securityvulnerability.io/vulnerability/CVE-2024-21328,Microsoft Dynamics 365 Sales Spoofing Vulnerability: What You Need to Know,"The spoofing vulnerability in Dynamics 365 Sales allows attackers to impersonate legitimate users, potentially gaining unauthorized access to sensitive information and operating within the application as if they were a trusted entity. Exploitation of this vulnerability could lead to manipulation of data or services, creating significant risks for organizations that rely on this CRM platform for customer engagement and sales operations. Vigilance in monitoring and applying security patches is essential to mitigate associated risks.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-02-13T18:02:28.777Z,0
CVE-2024-21396,https://securityvulnerability.io/vulnerability/CVE-2024-21396,Dynamics 365 Sales Spoofing Vulnerability,"The vulnerability in Dynamics 365 Sales allows an attacker to spoof legitimate users, potentially leading to unauthorized access and manipulation of sensitive data. This could compromise user authentication processes, resulting in significant security risks often associated with identity verification failures. As organizations increasingly rely on cloud services for critical operations, awareness and prompt mitigation of such vulnerabilities are crucial for safeguarding data integrity and user trust.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-02-13T18:02:22.505Z,0
CVE-2024-21394,https://securityvulnerability.io/vulnerability/CVE-2024-21394,Dynamics 365 Field Service Spoofing Vulnerability,"The Dynamics 365 Field Service software from Microsoft is impacted by a spoofing vulnerability that allows attackers to impersonate legitimate users, leading to potential unauthorized actions within the application. This vulnerability poses a significant risk for organizations relying on Dynamics 365 Field Service to manage their operations, as it could lead to compromised data integrity and unauthorized access. Immediate attention and remediation are recommended to mitigate potential security risks associated with this vulnerability.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-02-13T18:02:21.915Z,0
CVE-2024-21393,https://securityvulnerability.io/vulnerability/CVE-2024-21393,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,"A Cross-site Scripting vulnerability in Microsoft Dynamics 365 (on-premises) allows attackers to inject malicious scripts into web pages viewed by users. This vulnerability can lead to unauthorized access to sensitive information, session hijacking, or further exploitation of the affected environment. It is crucial for users of affected versions to implement appropriate security measures to mitigate potential attacks. Regular monitoring and applying security updates as recommended by the vendor are vital for maintaining the integrity and security of your systems.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T18:02:21.317Z,0
CVE-2024-21389,https://securityvulnerability.io/vulnerability/CVE-2024-21389,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,"Microsoft Dynamics 365 (on-premises) is affected by a Cross-site Scripting vulnerability that can allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions. This vulnerability can be exploited if an attacker manages to convince a user to click on a specially crafted link. Timely application of security updates is crucial to mitigate the risks associated with this vulnerability.",Microsoft,Microsoft Dynamics 365 (on-premises) Version 9.1,7.6,HIGH,0.0004799999878741801,false,false,false,false,,false,false,2024-02-13T18:02:20.755Z,0
CVE-2024-21327,https://securityvulnerability.io/vulnerability/CVE-2024-21327,Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability,"The vulnerability in Microsoft Dynamics 365 Customer Engagement allows an attacker to execute arbitrary scripts within the context of a user’s session. This type of cross-site scripting issue can compromise user data and facilitate unauthorized actions, posing significant security threats for organizations utilizing this platform. Secure coding practices and regular updates are essential to mitigate risks associated with this vulnerability.",Microsoft,Microsoft Dynamics 365 Customer Engagement V9.1,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-02-13T18:02:08.291Z,0
CVE-2023-36020,https://securityvulnerability.io/vulnerability/CVE-2023-36020,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,Microsoft,"Microsoft Dynamics 365 (on-premises) Version 9.1,Microsoft Dynamics 365 (on-premises) Version 9.0",7.6,HIGH,0.0005200000014156103,false,false,false,false,,false,false,2023-12-12T18:15:00.000Z,0
CVE-2023-35621,https://securityvulnerability.io/vulnerability/CVE-2023-35621,Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability,Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability,Microsoft,Dynamics 365 For Finance And Operations,7.5,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2023-12-12T18:15:00.000Z,0
CVE-2023-36007,https://securityvulnerability.io/vulnerability/CVE-2023-36007,Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability,Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability,Microsoft,Send Customer Voice Survey From Dynamics 365 App,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2023-11-14T21:15:00.000Z,0
CVE-2023-36016,https://securityvulnerability.io/vulnerability/CVE-2023-36016,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability,Microsoft,"Microsoft Dynamics 365 (on-premises) Version 9.0,Microsoft Dynamics 365 (on-premises) Version 9.1",6.2,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2023-11-14T18:15:00.000Z,0