CVE-2021-40457: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

Overview

Severity

High (CVSS 7.4)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Oct

Released

2021-10-12

Last Updated

2021-10-13

EPSS Score

0.70% (percentile: 72.0%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user would have to open a maliciously crafted email sent to Dynamics 365 Customer Engagement.

Affected Products (2)

Microsoft Dynamics

• Microsoft Dynamics 365 Customer Engagement V9.1
• Microsoft Dynamics 365 Customer Engagement V9.0

Security Updates (2)

• 4618810
• 4618795

Acknowledgments

<a href="https://www.prodwaregroup.com/es-es/">Prodware</a>

Revision History

• 2021-10-12: Information published.
• 2021-10-13: Added an acknowledgement. This is an informational change only.