CVE-2024-35263: 
Microsoft Dynamics 365 vulnerability analysis and mitigation

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability (CVE-2024-35263) was disclosed in June 2024. This vulnerability affects Microsoft Dynamics 365 (on-premises) version 9.1. The vulnerability has been assigned a CVSS v3.1 base score of 5.7 (MEDIUM), indicating a moderate severity level (NVD).

The vulnerability is classified as an information disclosure issue (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is unchanged (S:U), with high confidentiality impact (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

If successfully exploited, this vulnerability could allow an attacker to access sensitive information that should not be available to unauthorized users. The vulnerability specifically impacts confidentiality with a high severity rating, while not affecting system integrity or availability (MSRC).

Microsoft has released security updates to address this vulnerability. Organizations running affected versions of Microsoft Dynamics 365 (On-Premises) should apply the available patches. The fix is available through Microsoft's standard update channels (MSRC).