CVE-2023-36566: Microsoft Common Data Model SDK Denial of Service Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2023-Oct

Released

2023-10-10

EPSS Score

9.69% (percentile: 92.9%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Affected Products (4)

Microsoft Dynamics

• Microsoft Common Data Model SDK for Java
• Microsoft Common Data Model SDK for TypeScript
• Microsoft Common Data Model SDK for Python
• Microsoft Common Data Model SDK for C#

Security Updates (4)

• Release Notes
• Release Notes
• Release Notes
• Release Notes

Acknowledgments

Degant Puri, Scott Gorlick

Revision History

• 2023-10-10: Information published.