CVE-2020-16857 HIGH

CVE-2020-16857: Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability

Vendor Microsoft
Product Dynamics 365 for Finance and Operations
Published September 11, 2020
Last update August 4, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p> <p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p>

Key dates

02Disclosure timeline

September 11, 2020 CVE published
August 4, 2024 Record updated