Detections
Analytics
MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)
medium Nessus Plugin ID 59458
Language:
Synopsis
A web application on the remote host has a cross-site scripting vulnerability.Description
The version of Microsoft Dynamics AX Enterprise Portal on the remote host has an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution.This plugin checks if the system is missing KB2711239.
Solution
Microsoft has released a set of patches for Dynamics AX 2012 Enterprise Portal.See Also
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-040
Plugin Details
Severity: Medium
ID: 59458
File Name: smb_nt_ms12-040.nasl
Version: 1.11
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 6/13/2012
Updated: 11/15/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.2
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:microsoft:dynamics_ax
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 6/12/2012
Vulnerability Publication Date: 6/12/2012
Reference Information
CVE: CVE-2012-1857
BID: 53863