Vulnerability Details CVE-2020-16857
<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p>
<p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p>
<p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p>
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.5%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 6.5
References
Products affected by CVE-2020-16857
-
cpe:2.3:a:microsoft:dynamics_365_for_finance_and_operations:10.0.11