Microsoft Patches Security Flaws in Dynamics 365 and Power Apps
/ 1 min read
🔑 Critical vulnerabilities in Dynamics 365 and Power Apps Web API exposed. Three recently patched security flaws in Microsoft’s Dynamics 365 and Power Apps Web API could have led to significant data exposure, as revealed by Stratus Security. Two vulnerabilities were linked to the OData Web API Filter, allowing unauthorized access to sensitive information, including personal and financial data. The third flaw involved the FetchXML API, which could be exploited to bypass access controls and retrieve restricted data. Attackers could potentially compile lists of password hashes and emails, posing a serious risk to user security. Stratus Security emphasized the need for ongoing vigilance in cybersecurity, particularly for large organizations managing extensive data.
