CVE-2021-24101: Microsoft Dataverse Information Disclosure Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C

Category

Information Disclosure

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Feb

Released

2021-02-09

EPSS Score

12.33% (percentile: 93.9%)

FAQ

What type of information could be disclosed by this vulnerability? This vulnerability discloses data stored in the underlying datasets in Dataverse, that could include Personal Identifiable Information.

Affected Products (2)

Microsoft Dynamics

• Microsoft Dynamics 365 (on-premises) version 8.2
• Microsoft Dynamics 365 (on-premises) version 9.0

Security Updates (2)

• 4595463
• 4595460

Acknowledgments

<a href="https://www.prodwaregroup.com/es-es/">Prodware</a>

Revision History

• 2021-02-09: Information published.