CVE-2019-1229

Published: Aug 14, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set.

Vendor	Product	Versions
Microsoft	Microsoft Dynamics 365 (on-premises) version 9.0	affected `9.0.0 - < publication`

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1229

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-1229

Description

Affected Products

References