Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network.
This vulnerability has a high impact on confidentiality, integrity, and availability. An unauthenticated attacker can exploit this vulnerability over a network to elevate privileges. The scope is changed, meaning exploitation can affect resources beyond the vulnerable component.
There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.
A patch is available. Microsoft has released an official fix for this vulnerability.
Apply the official patch provided by Microsoft as soon as possible. Prioritize this update due to the high severity of the vulnerability. Monitor network traffic for suspicious activities. Implement strong network segmentation and access controls to limit potential unauthorized access.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Feedly found the first article mentioning CVE-2024-38182.
A CVSS base score of 9 has been assigned.
Feedly estimated the CVSS score as HIGH.
NVD published the first details for CVE-2024-38182.
EPSS Score was set to: 0.09% (Percentile: 39.5%)