8.8 / 10

A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) when the server fails to properly sanitize web requests to an affected Dynamics server, aka 'Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16862.

Weakness: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Published: 2020-09-11

Researcher Credit

Vulnerable Products

Community Advisory

This section is open source, for any additional information that enhances or clarifies the official advisory above.

Improve Advisory

CVE-2020-16860 Exploits

Exploits for CVE-2020-16860 are not publicly available.

Access our inventory of exclusive N-Day CVE Exploits, provided for legal security research and testing purposes. Inquire about our offerings by email: [email protected] (PGP key).

Official CVE References

View references (1)