cvelistv5 - CVE-2019-1008

CVE-2019-1008 (GCVE-0-2019-1008)

Vulnerability from cvelistv5

Published

2019-05-16 18:24

Modified

2024-08-04 18:06

Severity ?

CWE

Security Feature Bypass

Summary

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

References

URL

Tags

	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

Microsoft

Microsoft Dynamics 365 (on-premises)

Version: 8.2
Version: 9.0

Microsoft

Microsoft Dynamics CRM 2015 (on-premises)

Version: 7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Dynamics 365 (on-premises)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "8.2"
            },
            {
              "status": "affected",
              "version": "9.0"
            }
          ]
        },
        {
          "product": "Microsoft Dynamics CRM 2015 (on-premises)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Security Feature Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:24:57",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Dynamics 365 (on-premises)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.2"
                          },
                          {
                            "version_value": "9.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Dynamics CRM 2015 (on-premises)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Security Feature Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1008",
    "datePublished": "2019-05-16T18:24:57",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-1008\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-05-16T19:29:05.257\",\"lastModified\":\"2024-11-21T04:35:50.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027.\"},{\"lang\":\"es\",\"value\":\"Existe  una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Dynamics On Premise, tambi\u00e9n se conoce como \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D66D9710-B7E7-46D6-A50D-D0EBDEA68630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BCEF0EC-7830-4E05-973D-91E05E7F8F18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_crm_2015:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2CA4207-3589-457D-AA2C-76E6687D462F\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

ghsa-8w8m-w63v-5jcc

Vulnerability from github

Published

2022-05-24 16:45

Modified

2022-05-24 16:45

Details

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-1008"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-16T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027.",
  "id": "GHSA-8w8m-w63v-5jcc",
  "modified": "2022-05-24T16:45:54Z",
  "published": "2022-05-24T16:45:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1008"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

cnvd-2019-14679

Vulnerability from cnvd

Title

Microsoft Dynamics On-Premise安全绕过漏洞

Description

Microsoft Dynamics 365是一套适用于跨国企业的ERP业务解决方案。 Microsoft Dynamics On-Premise存在安全绕过漏洞。攻击者可以利用此漏洞绕过某些安全限制并执行未经授权的操作。

Severity

中

Patch Name

Microsoft Dynamics On-Premise安全绕过漏洞的补丁

Patch Description

Microsoft Dynamics 365是一套适用于跨国企业的ERP业务解决方案。 Microsoft Dynamics On-Premise存在安全绕过漏洞。攻击者可以利用此漏洞绕过某些安全限制并执行未经授权的操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1008

Reference

https://web.nvd.nist.gov//vuln/detail/CVE-2019-1008

Impacted products

Name
['Microsoft Dynamics CRM 2015 (on-premises) 7.0', 'Microsoft Dynamics 365 (on-premises) 9', 'Microsoft Dynamics 365 (on-premises) 8.2']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "108309"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-1008",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1008"
    }
  },
  "description": "Microsoft Dynamics 365\u662f\u4e00\u5957\u9002\u7528\u4e8e\u8de8\u56fd\u4f01\u4e1a\u7684ERP\u4e1a\u52a1\u89e3\u51b3\u65b9\u6848\u3002\n\nMicrosoft Dynamics On-Premise\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Adam Willard",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-1008",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-14679",
  "openTime": "2019-05-17",
  "patchDescription": "Microsoft Dynamics 365\u662f\u4e00\u5957\u9002\u7528\u4e8e\u8de8\u56fd\u4f01\u4e1a\u7684ERP\u4e1a\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nMicrosoft Dynamics On-Premise\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u7ed5\u8fc7\u67d0\u4e9b\u5b89\u5168\u9650\u5236\u5e76\u6267\u884c\u672a\u7ecf\u6388\u6743\u7684\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Dynamics On-Premise\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Dynamics CRM 2015 (on-premises) 7.0",
      "Microsoft Dynamics 365 (on-premises) 9",
      "Microsoft Dynamics 365 (on-premises) 8.2"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov//vuln/detail/CVE-2019-1008",
  "serverity": "\u4e2d",
  "submitTime": "2019-05-16",
  "title": "Microsoft Dynamics On-Premise\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

fkie_cve-2019-1008

Vulnerability from fkie_nvd

Published

2019-05-16 19:29

Modified

2024-11-21 04:35

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	dynamics_365	8.2
microsoft	dynamics_365	9.0
microsoft	dynamics_crm_2015	7.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D66D9710-B7E7-46D6-A50D-D0EBDEA68630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCEF0EC-7830-4E05-973D-91E05E7F8F18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_crm_2015:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CA4207-3589-457D-AA2C-76E6687D462F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
    },
    {
      "lang": "es",
      "value": "Existe  una vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad en Dynamics On Premise, tambi\u00e9n se conoce como \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
    }
  ],
  "id": "CVE-2019-1008",
  "lastModified": "2024-11-21T04:35:50.230",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-16T19:29:05.257",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Azure	Microsoft Azure Active Directory Connect
Microsoft	N/A	ChakraCore
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.0
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Microsoft Dynamics CRM 2015 (on-premises) version 7.0
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	Azure	Azure DevOps Server 2019
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU+GDR)
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Nuget 5.0.2
Microsoft	N/A	Team Foundation Server 2018 Update 1.2
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.0
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 8.2
Microsoft	N/A	Skype 8.35 when installed on Android Devices
Microsoft	N/A	Team Foundation Server 2015 Update 4.2

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 14 mai 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Azure Active Directory Connect",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics CRM 2015 (on-premises) version 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure DevOps Server 2019",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 5.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype 8.35 when installed on Android Devices",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2015 Update 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0916"
    },
    {
      "name": "CVE-2019-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0727"
    },
    {
      "name": "CVE-2019-0976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0976"
    },
    {
      "name": "CVE-2019-0872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0872"
    },
    {
      "name": "CVE-2019-0922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0922"
    },
    {
      "name": "CVE-2019-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0979"
    },
    {
      "name": "CVE-2019-0937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0937"
    },
    {
      "name": "CVE-2019-0819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0819"
    },
    {
      "name": "CVE-2019-0911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0911"
    },
    {
      "name": "CVE-2019-0912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0912"
    },
    {
      "name": "CVE-2019-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1000"
    },
    {
      "name": "CVE-2019-0927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0927"
    },
    {
      "name": "CVE-2019-0971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0971"
    },
    {
      "name": "CVE-2019-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0913"
    },
    {
      "name": "CVE-2019-0933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0933"
    },
    {
      "name": "CVE-2019-0924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0924"
    },
    {
      "name": "CVE-2019-0914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0914"
    },
    {
      "name": "CVE-2019-0925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0925"
    },
    {
      "name": "CVE-2019-0915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0915"
    },
    {
      "name": "CVE-2019-0917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0917"
    },
    {
      "name": "CVE-2019-0932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0932"
    },
    {
      "name": "CVE-2019-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1008"
    }
  ],
  "initial_release_date": "2019-05-15T00:00:00",
  "last_revision_date": "2019-05-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-225",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 14 mai 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

gsd-2019-1008

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

A security feature bypass vulnerability exists in Dynamics On Premise, aka 'Microsoft Dynamics On-Premise Security Feature Bypass'.

Aliases

CVE-2019-1008

Aliases

CVE-2019-1008

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-1008",
    "description": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027.",
    "id": "GSD-2019-1008"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-1008"
      ],
      "details": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027.",
      "id": "GSD-2019-1008",
      "modified": "2023-12-13T01:23:52.130369Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-1008",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Dynamics 365 (on-premises)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "8.2"
                        },
                        {
                          "version_value": "9.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics CRM 2015 (on-premises)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "7.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Security Feature Bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_crm_2015:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1008"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security feature bypass vulnerability exists in Dynamics On Premise, aka \u0027Microsoft Dynamics On-Premise Security Feature Bypass\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1008"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-05-16T19:29Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-1008 (GCVE-0-2019-1008)

Vulnerability from cvelistv5

ghsa-8w8m-w63v-5jcc

Vulnerability from github

cnvd-2019-14679

Vulnerability from cnvd

fkie_cve-2019-1008

Vulnerability from fkie_nvd

CERTFR-2019-AVI-225

Vulnerability from certfr_avis

Solution

gsd-2019-1008

Vulnerability from gsd

Tags

Sightings

Nomenclature