CVE | Published | Severity | Details | Exploitability | Impact | Vector |
CVE‑2024‑43476 | 2024‑09‑10 17:15:36 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2024‑38211 | 2024‑08‑13 18:15:30 | HIGH (8) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 5 | NETWORK |
CVE‑2024‑35263 | 2024‑06‑11 17:16:04 | MEDIUM (6) | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2 | 4 | NETWORK |
CVE‑2024‑30061 | 2024‑07‑09 17:15:16 | HIGH (7) | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21396 | 2024‑02‑13 18:15:58 | HIGH (8) | Dynamics 365 Sales Spoofing Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21395 | 2024‑02‑13 18:15:58 | HIGH (8) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 5 | NETWORK |
CVE‑2024‑21394 | 2024‑02‑13 18:15:57 | HIGH (8) | Dynamics 365 Field Service Spoofing Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21393 | 2024‑02‑13 18:15:57 | HIGH (8) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21389 | 2024‑02‑13 18:15:57 | HIGH (8) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21328 | 2024‑02‑13 18:15:49 | HIGH (8) | Dynamics 365 Sales Spoofing Vulnerability | 2 | 5 | NETWORK |
CVE‑2024‑21327 | 2024‑02‑13 18:15:49 | HIGH (8) | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2 | 5 | NETWORK |
CVE‑2023‑38164 | 2023‑09‑12 17:15:24 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36886 | 2023‑09‑12 17:15:16 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36800 | 2023‑09‑12 17:15:15 | MEDIUM (5) | Dynamics Finance and Operations Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36433 | 2023‑10‑10 18:15:13 | MEDIUM (7) | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 3 | 4 | NETWORK |
CVE‑2023‑36429 | 2023‑10‑10 18:15:12 | MEDIUM (7) | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 3 | 4 | NETWORK |
CVE‑2023‑36416 | 2023‑10‑10 18:15:12 | MEDIUM (6) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 3 | NETWORK |
CVE‑2023‑36410 | 2023‑11‑14 18:15:44 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36031 | 2023‑11‑14 18:15:32 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36030 | 2023‑11‑14 18:15:32 | MEDIUM (6) | Microsoft Dynamics 365 Sales Spoofing Vulnerability | 3 | 3 | NETWORK |
CVE‑2023‑36020 | 2023‑12‑12 18:15:22 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑36016 | 2023‑11‑14 18:15:31 | LOW (3) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 1 | NETWORK |
CVE‑2023‑35621 | 2023‑12‑12 18:15:17 | HIGH (8) | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | 4 | 4 | NETWORK |
CVE‑2023‑35389 | 2023‑08‑08 18:15:14 | MEDIUM (7) | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 2 | 4 | NETWORK |
CVE‑2023‑35335 | 2023‑07‑11 18:15:18 | HIGH (8) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 5 | NETWORK |
CVE‑2023‑33171 | 2023‑07‑11 18:15:16 | MEDIUM (6) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 3 | NETWORK |
CVE‑2023‑28314 | 2023‑04‑11 21:15:29 | MEDIUM (6) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 3 | 3 | NETWORK |
CVE‑2023‑28309 | 2023‑04‑11 21:15:28 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24922 | 2023‑03‑14 17:15:19 | MEDIUM (7) | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 3 | 4 | NETWORK |
CVE‑2023‑24921 | 2023‑03‑14 17:15:19 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24920 | 2023‑03‑14 17:15:19 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24919 | 2023‑03‑14 17:15:19 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24896 | 2023‑07‑14 18:15:09 | MEDIUM (5) | Dynamics 365 Finance Spoofing Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24891 | 2023‑03‑14 17:15:18 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑24879 | 2023‑03‑14 17:15:18 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑21807 | 2023‑02‑14 20:15:16 | MEDIUM (7) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 1 | 5 | NETWORK |
CVE‑2023‑21778 | 2023‑02‑14 21:15:11 | HIGH (8) | Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerability | 1 | 6 | NETWORK |
CVE‑2023‑21573 | 2023‑02‑14 20:15:12 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑21572 | 2023‑02‑14 20:15:12 | MEDIUM (7) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 4 | NETWORK |
CVE‑2023‑21571 | 2023‑02‑14 20:15:12 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2023‑21570 | 2023‑02‑14 20:15:12 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2022‑35805 | 2022‑09‑13 19:15:11 | HIGH (9) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2022‑34700 | 2022‑09‑13 19:15:10 | HIGH (9) | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2022‑23259 | 2022‑04‑15 19:15:10 | HIGH (9) | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2022‑21957 | 2022‑02‑09 17:15:08 | HIGH (7) | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 1 | 6 | NETWORK |
CVE‑2022‑21932 | 2022‑01‑11 21:15:14 | MEDIUM (5) | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2021‑42316 | 2021‑11‑10 01:19:49 | HIGH (9) | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2021‑41354 | 2021‑10‑13 01:15:14 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2021‑41353 | 2021‑10‑13 01:15:14 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | 2 | 3 | NETWORK |
CVE‑2021‑40457 | 2021‑10‑13 01:15:10 | HIGH (7) | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | 3 | 4 | NETWORK |
CVE‑2021‑36950 | 2021‑08‑12 18:15:10 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2021‑34524 | 2021‑08‑12 18:15:09 | HIGH (8) | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 3 | 5 | NETWORK |
CVE‑2021‑28461 | 2021‑05‑11 19:15:09 | MEDIUM (6) | Dynamics Finance and Operations Cross-site Scripting Vulnerability | 2 | 4 | ADJACENT_NETWORK |
CVE‑2021‑24101 | 2021‑02‑25 23:15:16 | MEDIUM (7) | Microsoft Dataverse Information Disclosure Vulnerability | 3 | 4 | NETWORK |
CVE‑2020‑17158 | 2020‑12‑10 00:15:17 | HIGH (9) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2020‑17152 | 2020‑12‑10 00:15:16 | HIGH (9) | Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability | 3 | 6 | NETWORK |
CVE‑2020‑17147 | 2020‑12‑10 00:15:16 | HIGH (9) | Dynamics CRM Webclient Cross-site Scripting Vulnerability | 2 | 6 | NETWORK |
CVE‑2020‑17021 | 2020‑11‑11 07:15:15 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2020‑17018 | 2020‑11‑11 07:15:15 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2020‑17005 | 2020‑11‑11 07:15:14 | MEDIUM (5) | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2 | 3 | NETWORK |
CVE‑2020‑16978 | 2020‑10‑16 23:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16956 | 2020‑10‑16 23:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16943 | 2020‑10‑16 23:15:16 | MEDIUM (7) | <p>An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper authorization.</p> <p>To exploit the vulnerability, an attacker would need to send a specially crafted request to an affected server.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 Commerce performs authorization checks.</p> | 3 | 4 | ADJACENT_NETWORK |
CVE‑2020‑16878 | 2020‑09‑11 17:15:18 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16872 | 2020‑09‑11 17:15:17 | HIGH (8) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 5 | NETWORK |
CVE‑2020‑16871 | 2020‑09‑11 17:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16864 | 2020‑09‑11 17:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16862 | 2020‑09‑11 17:15:17 | HIGH (7) | <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p> | 2 | 6 | NETWORK |
CVE‑2020‑16861 | 2020‑09‑11 17:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16860 | 2020‑09‑11 17:15:17 | MEDIUM (7) | <p>A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SQL service account. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to a vulnerable Dynamics server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 (on-premises) validates and sanitizes user input.</p> | 2 | 5 | NETWORK |
CVE‑2020‑16859 | 2020‑09‑11 17:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑16858 | 2020‑09‑11 17:15:17 | MEDIUM (5) | <p>A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests.</p> | 2 | 3 | NETWORK |
CVE‑2020‑1591 | 2020‑08‑17 19:15:22 | MEDIUM (5) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. | 2 | 3 | NETWORK |
CVE‑2020‑1063 | 2020‑05‑21 23:15:13 | MEDIUM (5) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 2 | 3 | NETWORK |
CVE‑2020‑0656 | 2020‑01‑14 23:15:34 | MEDIUM (5) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 2 | 3 | NETWORK |
CVE‑2019‑1375 | 2019‑10‑10 14:15:19 | MEDIUM (5) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 2 | 3 | NETWORK |
CVE‑2019‑1229 | 2019‑08‑14 21:15:19 | MEDIUM (7) | An elevation of privilege vulnerability exists in Dynamics On-Premise v9. An attacker who successfully exploited the vulnerability could leverage a customizer privilege within Dynamics to gain control of the Web Role hosting the Dynamics installation. To exploit this vulnerability, an attacker needs to have credentials for a user that has permission to author customized business rules in Dynamics, and persist XAML script in a way that causes it to be interpreted as code. The update addresses the vulnerability by restricting XAML activities to a whitelisted set. | 0 | 0 | NETWORK |
CVE‑2019‑1008 | 2019‑05‑16 19:29:05 | MEDIUM (4) | A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'. | 0 | 0 | NETWORK |
CVE‑2018‑8654 | 2020‑01‑24 21:15:12 | MEDIUM (7) | An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'. | 3 | 4 | NETWORK |
CVE‑2018‑8609 | 2018‑11‑14 01:29:02 | MEDIUM (7) | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This affects Microsoft Dynamics 365. | 0 | 0 | NETWORK |
CVE‑2018‑8608 | 2018‑11‑14 01:29:02 | LOW (4) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | 0 | 0 | NETWORK |
CVE‑2018‑8607 | 2018‑11‑14 01:29:02 | LOW (4) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | 0 | 0 | NETWORK |
CVE‑2018‑8606 | 2018‑11‑14 01:29:02 | LOW (4) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | 0 | 0 | NETWORK |
CVE‑2018‑8605 | 2018‑11‑14 01:29:02 | LOW (4) | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability." This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | 0 | 0 | NETWORK |
Patch more applications, achieve compliance, and prevent problems while reducing stress with Lavawall®.
A security tool by security auditors. From Passkeys and Argon2i to source validation and MVSP principles, Lavawall® has you covered.
More features and more security added nearly every day.
While Ninite and other patching tools have had the same patch offerings for decades, we're monitoring stats to keep adding the most useful programs (currently over 7,463)!
From wrapping TLS communications in extra encryption and uninstalling remote support tools when they aren't used to detailed statistical analysis of system and network performance, Lavawall® goes in-depth.
Lavawall® goes beyond patches and breach detection. We also monitor for risky Chromium extensions and allowed notifications that might be part of a phishing or ransomware attack.
Extend the security features of Cloudflare, Microsoft, Google, Sophos, and other cloud providers to create a Lavawall® of protection
Even if you used breached remote management tools like ScreenConnect through Lavawall® when it was vulnerable, your computers stayed safe because we only install the agent when it needs to be used.
Easily deploy, monitor, and analyze security tools like Huntress, AutoElevate, and Sophos. Magically gain details from ZenDesk, ConnectWise, Datto, Panorama9, Microsoft, and Google.
Get immediate fixes, user notifications, admin notifications -- and even security-certified human level 3 support when our advanced statistical analysis confirms a problem or anomaly.
2024‑12‑02 | 0.12.19.206 | test commit |
2024‑11‑22 | 0.12.18.205 | |
2024‑10‑30 | 0.12.8.195 | Mac update refinements |
2024‑10‑25 | 0.12.3.190 | |
2024‑10‑21 | 0.12.0.187 | Macos implementaiton, linux and windows improvements |
2024‑10‑16 | 0.11.128.186 | Linux stats and system information improvements, improvements for application shutdown |
2024‑09‑12 | 0.11.113.171 | CPU Optimizations and Packages reliability improvements |
2024‑09‑05 | 0.11.106.164 | Phased deployment enhancements |
2024‑09‑04 | 0.11.103.161 | |
2024‑09‑02 | 0.11.102.160 | CPU Optimizations and Packages reliability improvements |
2024‑08‑30 | 0.11.99.157 | CPU Optimizations and Packages reliability improvements |
2024‑08‑29 | 0.11.98.156 | CPU utilization and console event optimization |
2024‑08‑28 | 0.11.97.155 | Reliability to detect unusual updates like redistributables. |
2024‑08‑27 | 0.11.96.154 | |
2024‑08‑26 | 0.11.95.153 | Faster response for reboot requests |
2024‑08‑20 | 0.11.92.150 | Additional package upgrade pre-requisites |
2024‑08‑15 | 0.11.89.147 | |
2024‑08‑06 | 0.11.87.145 | |
2024‑07‑26 | 0.11.83.141 | Add resiliency for MAC duplicates and uptime |
2024‑07‑25 | 0.11.82.140 | Changes to facilitate cross-platform use. Bitlocker and Windows key refinements |
2024‑07‑15 | 0.11.80.138 | Antivirus and temperature added to configuration checks |
2024‑07‑15 | 0.11.79.137 | Add configuration checks for execution policy and secure boot |
2024‑07‑11 | 0.11.77.135 | load balancing refinements |
2024‑07‑10 | 0.11.76.134 | Add additional load balancing and data residency capabilities, add randomness to recurring task timings to decrease server load |
2024‑07‑05 | 0.11.74.132 | changes to graph and residual work on user imporsonation |
2024‑07‑04 | 0.11.73.131 | Add configuration checks for execution policy and secure boot. |
2024‑07‑03 | 0.11.72.130 | Enhanced event log monitoring |
2024‑07‑02 | 0.11.71.129 | Add details to Windows updates, enhanced risk metrics for application patches |
2024‑06‑19 | 0.11.65.123 | Update resiliancy and garbage collection |
2024‑06‑13 | 0.11.60.118 | Enhanced logging |
2024‑06‑12 | 0.11.55.113 | Include the primary drive serial number; MAC addresses for built-in wireless, Bluetooth, and ethernet into the device hash to restore uninstalled and reinstalled devices in cases where the motherboard serial is not unique |
2024‑06‑07 | 0.11.54.112 | Patch and package uninstall data addition |
2024‑06‑05 | 0.11.47.105 | refine per-user registry application listing |
2024‑06‑02 | 0.11.45.103 | uninstall and reinstall refinements, refine local logging, refine self-update and uninstall timing |
2024‑05‑30 | 0.11.21.79 | various bug fixes and improvements |
2024‑05‑28 | 0.11.16.74 | Error logging, registration, and uninstall improvements. |
2024‑05‑24 | 0.11.14.72 | applied changes for devices and login commands, changes for registration as well |
2024‑05‑22 | 0.11.13.71 | Add Windows computer model, improve Operating System parsing |
2024‑05‑21 | 0.11.11.69 | Added additional states for Windows update, flexibility for non-standard program file configurations, support for network diagrams at the switch level, details for Windows editions |
2024‑05‑21 | 0.11.10.68 | Add specific cases for Defender patterns and Composer versions. |
2024‑05‑17 | 0.11.3.61 | Change Log storage location to c:\program files\Lavawall |
2024‑05‑17 | 0.11.1.59 | self-update improvements. |
2024‑05‑16 | 0.8.0.55 | error log reporting and management. |
2024‑05‑15 | 0.7.0.54 | Websocket resiliency improvements |
2024‑05‑09 | 0.6.0.53 | Error log reporting and management. |
2024‑05‑01 | 0.5.44.52 | Even more improvements to scheduler |
2024‑04‑24 | 0.5.41.49 | Install compatibility with Sandbox |
2024‑04‑22 | 0.5.21.29 | Project property changes to enable automated compilation with new features. |
2024‑04‑20 | 0.5.20.28 | Add motherboard serial number and company reassignment |
2024‑04‑11 | 0.5.4.12 | Automate release notes as part of build process |
2024‑05‑20 | 253 | Added cleanup of old .json files during a re-install |
2024‑05‑13 | 252 | Added apt-get update to install |
2024‑05‑06 | 248 | Allow restart to use /var/run/reboot-required if needrestart is not installed |
2024‑04‑22 | 239 | Improve internal update and version tracking |
2024‑04‑15 | 235 | Add support for Yum packages |
2024‑04‑08 | 233 | Align patching with Windows patch reporting |
2024‑04‑02 | 228 | Add support for needrestart |
2024‑03‑04 | 224 | Schedule restarts |
2024‑03‑25 | 221 | Add support for apt packages |
2024‑03‑18 | 212 | Implement release management |
2024‑03‑11 | 202 | Add user login monitoring |
2024‑03‑04 | 189 | Enhance installation reliability |
2024‑02‑26 | 187 | Exapand triggers to identify if the instance needs to be restarted |
2024‑02‑19 | 146 | Improve compatibility for non-AWS instances |
2024‑02‑14 | 138 | Add self-uninstall capabilities |
2024‑02‑12 | 135 | Enhance scheduling flexibility |
2024‑02‑07 | 132 | Add kernel version tracking |
2024‑02‑05 | 124 | Add device hash to cryptographic self-update script validation |
2024‑01‑29 | 107 | Enhance encryption of patch data |
2024‑01‑22 | 98 | Improve how available storage is calculated |
2024‑01‑15 | 97 | Move initial tasks from installation file to sub scripts |
2024‑05‑21 | 91 | Improve multi-distribution compatibility |
2024‑05‑21 | 79 | Improve encryption reliability |
2023‑12‑11 | 68 | Enhance cryptographic validation of new scripts before updating |
2023‑11‑20 | 62 | Add inner layer of AES encryption in case TLS inspection doesn't allow for a secure connection |
2023‑11‑27 | 56 | Additional base cases for resiliancy |
2023‑11‑20 | 54 | Additional headers added to authentication process during installation. |
2023‑11‑20 | 53 | Enhanced key management |
2023‑11‑15 | 51 | Add insecure installation parameter to allow installation in environments with TLS inspection or other machine-in-the-middle situations. |
2023‑11‑06 | 42 | Enhance redundant encryption during installation. |
2023‑10‑30 | 33 | Improve install-over compatibility |
2023‑10‑23 | 18 | Add reboot configuration and scheduling |
2023‑10‑23 | 17 | Add self-updating functionality. |
2023‑10‑16 | 15 | Add Linux patching information for apt |
2023‑10‑09 | 14 | Collect system information |
2023‑10‑09 | 13 | Add Linux distribution information |
2023‑09‑30 | 12 | Add memory monitoring |
2023‑09‑30 | 10 | Add hardware information |
2023‑09‑23 | 9 | Add AWS information |
2023‑09‑23 | 8 | Add customized schedule capability for configuration updates |
2023‑09‑23 | 7 | Add support for package monitoring using package and dpkg logs |
2023‑09‑16 | 6 | Add storage data configuration gathering |
2023‑09‑16 | 5 | Add CPU information |
Lavawall® is under active development with the latest release including:
Monitored Applications
System Metrics
Lavawall® prevents the 80% of breaches and failed audits due to missing patches and updates.
You can reduce application patching delays from 67 days to nearly immediate with the 350+ applications that Lavawall® monitors and patches.