| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| CVE-2022-35805 | Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerability | Microsoft Dynamics CRM(on-premises) | Critical | 26-09-2022 |
Technical Information
This is a remote code execution vulnerability in on-premises Microsoft Dynamics CRM. An authenticated user could run a specially crafted trusted solution package to execute arbitrary SQL commands. From there the attacker could escalate and execute commands as db_owner within their Dynamics CRM database.
Further information on this vulnerability is available at : CVE-2022-35805
Affected Software
Microsoft Dynamics CRM (on-premises) 9.0Microsoft Dynamics CRM (on-premises) 9.1