Back to Advisories
🔔 CVE Advisory

CVE-2022-23273

Dynamics GP 2018

Dynamics GP Web Client allows the user to run arbitrary macro scripts, which can then be used to write files with any extensions with the user's current Windows Identity/Active Directory permission on the target web server. This primitive can be used to overwrite the config file, affecting the entire tennant.

Year 2022
Published April 6, 2022

Advisory Information

Affected Product Dynamics GP 2018
Title CVE-2022-23273
Description

Dynamics GP Web Client allows the user to run arbitrary macro scripts, which can then be used to write files with any extensions with the user's current Windows Identity/Active Directory permission on the target web server. This primitive can be used to overwrite the config file, affecting the entire tennant.

Year 2022
Published Date April 6, 2022
View Full CVE Advisory

Affected Vendors

M
Microsoft

Research Team

Hà Anh Hoàng
Hà Anh Hoàng
Senior Researcher