OnlyFm252
Microsoft Dynamics

CVE-2020-16943 — Dynamics 365 Commerce Elevation of Privilege Vulnerability

Important CVSS 6.5 EPSS 0.011 2020-10 archive

Executive Summary

An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. An unauthenticated attacker who successfully exploited this vulnerability could update data without proper authorization. To exploit the vulnerability, an attacker would need to send a specially crafted request to an affected server. The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 Commerce performs authorization checks.

Overview

6.5
CVSS MEDIUM
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Oct 13 2020
Last Updated Oct 13 2020
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.011 — 0.61356 percentile

CVSS Vector

ATTACK VECTOR
Adjacent
ATTACK COMPLEXITY
Low
PRIVILEGES REQUIRED
None
USER INTERACTION
None
SCOPE
Unchanged
Temporal Score: 5.9

EPSS Score

0.011
probability of exploitation in the next 30 days
0.61356 percentile - updated 2026-06-20
View on FIRST.org

Affected Products

5 affected products
Product KB Article Severity Impact Restart Required
Dynamics 365 Commerce version 10.0.12 Release Notes (Security Update) Important Elevation of Privilege Maybe
Dynamics 365 Commerce version 10.0.13 Release Notes (Security Update) Important Elevation of Privilege Maybe
Dynamics 365 Commerce version 10.0.14 Release Notes (Security Update) Important Elevation of Privilege Maybe
Dynamics 365 Commerce version 10.0.15 Release Notes (Security Update) Important Elevation of Privilege Maybe
Dynamics 365 Commerce version 10.0.16 Release Notes (Security Update) Important Elevation of Privilege Maybe

Patches

1 patch
Article Type Restart
Release Notes Security Update Maybe

Known Exploits

Acknowledgments

Prodware https://www.prodwaregroup.com/es-es/

On This Page