Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Published: 2019-08-14
Updated: 2024-05-29
Summary
An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set.
Vulnerable Configurations
Part | Description | Count |
Application | Microsoft | 1 |
Nessus
NASL family | Windows |
NASL id | SMB_NT_MS19_AUG_MICROSOFT_DYNAMICS.NASL |
description | The Microsoft Dynamics 365 (on-premises) install is missing a security update. It is, therefore, affected by the following vulnerability: An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. (CVE-2019-1229) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127861 |
published | 2019-08-14 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127861 |
title | Security Updates for Microsoft Dynamics 365 (on-premises) (August 2019) |