Tag
#Microsoft Dynamics GP
CVE-2022-23274: Microsoft Dynamics GP Remote Code Execution Vulnerability
**How could an attacker exploit this vulnerability?** An authenticated user could send a specially crafted SQL request to a Dynamics GP Web Service and perform remote code execution.
CVE-2022-23272: Microsoft Dynamics GP Elevation Of Privilege Vulnerability
**How could an attacker exploit this vulnerability?** An attacker could send a specially crafted request to a vulnerable Dynamics site and overwrite database contents.
CVE-2022-23269: Microsoft Dynamics GP Spoofing Vulnerability
**The CVSS Score says user action is required. What type of user action is required?** An authenticated user would have to visit a specific URL that will create an action for a workflow.