CVE-2024-21394: 
Microsoft Dynamics 365 vulnerability analysis and mitigation

A spoofing vulnerability has been identified in Microsoft Dynamics 365 Field Service, tracked as CVE-2024-21394. The vulnerability was initially reported on December 8, 2023, and affects Microsoft Dynamics 365 (on-premises) version 9.1 up to version 9.1.25.17 (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.6 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires user interaction, and has a scope that can change contexts. The impact includes high confidentiality impact and low integrity impact, with no availability impact (NVD).

The vulnerability could allow an attacker to perform spoofing attacks against Dynamics 365 Field Service, potentially compromising the confidentiality of data and causing minor integrity issues. The high CVSS score indicates significant potential impact if successfully exploited (Microsoft Security Response Center).

Microsoft has released security updates to address this vulnerability. Organizations running affected versions of Dynamics 365 Field Service should apply the latest security patches available through the Microsoft Security Response Center (Microsoft Security Response Center).