MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)
Medium Nessus Plugin ID 59643
SynopsisA web application on the remote host has a cross-site scripting vulnerability.
DescriptionThe version of Microsoft Dynamics AX Enterprise Portal on the remote host has an unspecified cross-site scripting vulnerability. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary script code execution.
This plugin checks if the system is missing KB2706738 or KB2710639.
Nessus will only check for the missing KBs if Dynamics AX and SQL Server are on the same system, SQL Server is available via TCP/IP, and SQL Server is configured to use Windows authentication.
SolutionMicrosoft has released a set of patches for Dynamics AX 2012 Enterprise Portal.