Description
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-004
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029601
Scores
EPSS
0.1030
EPSS Percentile
95.2%
Details
CWE
CWE-20
Status
published
Products (3)
microsoft/dynamics_ax
4.0 sp2
microsoft/dynamics_ax
2009 sp1
microsoft/dynamics_ax
2012 (2 CPE variants)
Published
Jan 15, 2014
Tracked Since
Feb 18, 2026