Vulnerabilities > CVE-2020-16943 - Unspecified vulnerability in Microsoft Dynamics 365

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

microsoft

NVD

Published: 2020-10-16

Updated: 2023-12-31

Summary

An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper authorization. To exploit the vulnerability, an attacker would need to send a specially crafted request to an affected server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 Commerce performs authorization checks.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Dynamics 365 -	1

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16943