Search criteria
45 vulnerabilities found for dynamics_365_business_central by microsoft
FKIE_CVE-2024-43460
Vulnerability from fkie_nvd - Published: 2024-09-17 19:15 - Updated: 2024-09-25 19:18
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*",
"matchCriteriaId": "F7263659-A8E0-4869-83FA-8E5253C16F9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network."
},
{
"lang": "es",
"value": "Una autorizaci\u00f3n incorrecta en Dynamics 365 Business Central provoc\u00f3 una vulnerabilidad que permite a un atacante autenticado elevar privilegios en una red."
}
],
"id": "CVE-2024-43460",
"lastModified": "2024-09-25T19:18:53.350",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-17T19:15:27.500",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-38225
Vulnerability from fkie_nvd - Published: 2024-09-10 17:15 - Updated: 2024-09-17 16:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2024 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "EC16B684-C9B0-4F02-A5ED-20CBCDFD9191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "8E174DED-BAE1-4377-8D65-DBF2B7CCF9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "0BCF31A9-84D3-4494-B3C3-65CFF284921D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Dynamics 365 Business Central"
}
],
"id": "CVE-2024-38225",
"lastModified": "2024-09-17T16:58:39.197",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-10T17:15:25.063",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-35248
Vulnerability from fkie_nvd - Published: 2024-06-11 17:16 - Updated: 2024-11-21 09:20
Severity ?
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2024 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "EC16B684-C9B0-4F02-A5ED-20CBCDFD9191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "8E174DED-BAE1-4377-8D65-DBF2B7CCF9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "0BCF31A9-84D3-4494-B3C3-65CFF284921D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios de Microsoft Dynamics 365 Business Central"
}
],
"id": "CVE-2024-35248",
"lastModified": "2024-11-21T09:20:00.980",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-06-11T17:16:02.180",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-35249
Vulnerability from fkie_nvd - Published: 2024-06-11 17:16 - Updated: 2024-11-21 09:20
Severity ?
Summary
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2024 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "EC16B684-C9B0-4F02-A5ED-20CBCDFD9191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "8E174DED-BAE1-4377-8D65-DBF2B7CCF9D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "0BCF31A9-84D3-4494-B3C3-65CFF284921D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics 365 Business Central"
}
],
"id": "CVE-2024-35249",
"lastModified": "2024-11-21T09:20:01.130",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-06-11T17:16:02.417",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-21380
Vulnerability from fkie_nvd - Published: 2024-02-13 18:15 - Updated: 2024-11-21 08:54
Severity ?
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2022 | |
| microsoft | dynamics_365_business_central | 2023 | |
| microsoft | dynamics_365_business_central | 2023 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "00026FBE-E841-4889-A09E-FDDD80DAE157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "EC16B684-C9B0-4F02-A5ED-20CBCDFD9191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "8E174DED-BAE1-4377-8D65-DBF2B7CCF9D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Dynamics Business Central/NAV"
}
],
"id": "CVE-2024-21380",
"lastModified": "2024-11-21T08:54:14.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2024-02-13T18:15:56.160",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-38167
Vulnerability from fkie_nvd - Published: 2023-08-08 18:15 - Updated: 2025-01-01 02:16
Severity ?
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2023 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "EC16B684-C9B0-4F02-A5ED-20CBCDFD9191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"id": "CVE-2023-38167",
"lastModified": "2025-01-01T02:16:29.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2023-08-08T18:15:22.173",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-41127
Vulnerability from fkie_nvd - Published: 2022-12-13 19:15 - Updated: 2024-11-21 07:22
Severity ?
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2021 | |
| microsoft | dynamics_365_business_central | 2021 | |
| microsoft | dynamics_365_business_central | 2022 | |
| microsoft | dynamics_nav | 2016 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*",
"matchCriteriaId": "3972FED2-131E-447F-B0D7-86BFEC57F018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "039B9A4B-EF36-4EAC-BE4A-BAEFCD1B0145",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "53830264-2696-4A6C-ACFD-18FAA03B616B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "91B91E62-E8A6-40CC-8F9D-7277628CA4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics NAV y Microsoft Dynamics 365 Business Central (On Premises)."
}
],
"id": "CVE-2022-41127",
"lastModified": "2024-11-21T07:22:40.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2022-12-13T19:15:12.337",
"references": [
{
"source": "secure@microsoft.com",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-41066
Vulnerability from fkie_nvd - Published: 2022-11-09 22:15 - Updated: 2025-08-25 02:23
Severity ?
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Microsoft Business Central Information Disclosure Vulnerability
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B4AC243-AFB8-4735-B3BA-42677448216D",
"versionEndExcluding": "14.42.49347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E97209C-6B3C-4E82-A788-239BBF042316",
"versionEndIncluding": "19.18.54872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3527F043-462D-4EE9-88EA-F3805B5A882B",
"versionEndExcluding": "20.7.48483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0F801EA-68D1-42AD-B956-BF3951E7ED1E",
"versionEndExcluding": "21.1.48638",
"versionStartIncluding": "21.1.48638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Business Central"
}
],
"id": "CVE-2022-41066",
"lastModified": "2025-08-25T02:23:53.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-11-09T22:15:21.070",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-40440
Vulnerability from fkie_nvd - Published: 2021-09-15 12:15 - Updated: 2024-11-21 06:24
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2021 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:*",
"matchCriteriaId": "63AA9351-5B16-4610-BD4C-BAF95ABF327F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:update_18.5:release_wave_1:*:*:*:*:*",
"matchCriteriaId": "D3D8694C-E7BE-4555-958E-BA1D8FD750C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site Scripting de Microsoft Dynamics Business Central"
}
],
"id": "CVE-2021-40440",
"lastModified": "2024-11-21T06:24:07.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-09-15T12:15:16.367",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-36946
Vulnerability from fkie_nvd - Published: 2021-08-12 18:15 - Updated: 2024-11-21 06:14
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | dynamics_365_business_central | 2019 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_365_business_central | 2020 | |
| microsoft | dynamics_nav | 2017 | |
| microsoft | dynamics_nav | 2018 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
"matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
"matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
"matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de tipo Cross-site Scripting en Microsoft Dynamics Business Central"
}
],
"id": "CVE-2021-36946",
"lastModified": "2024-11-21T06:14:21.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-08-12T18:15:10.110",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-43460 (GCVE-0-2024-43460)
Vulnerability from cvelistv5 – Published: 2024-09-17 18:15 – Updated: 2024-12-31 23:03 Exclusively Hosted Service
VLAI?
Title
Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Dynamics 365 Business Central Online |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:04:56.742873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:08:16.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Online",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.dynamics_365_business_central_online:*:*:*:*:*:*:*:*",
"versionStartIncluding": "N/A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-17T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:03:27.545Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43460",
"datePublished": "2024-09-17T18:15:49.863Z",
"dateReserved": "2024-08-14T01:08:33.515Z",
"dateUpdated": "2024-12-31T23:03:27.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38225 (GCVE-0-2024-38225)
Vulnerability from cvelistv5 – Published: 2024-09-10 16:53 – Updated: 2024-12-31 23:03
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < App Build 22.16.64731, Platform Build 22.0.64727
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:52:19.327815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:54:09.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 22.16.64731, Platform Build 22.0.64727",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 23.10.22604, Platform Build 23.0.22561",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 24.4. 22925, Platform Build 24.0. 22865",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 22.16.64731, Platform Build 22.0.64727",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 23.10.22604, Platform Build 23.0.22561",
"versionStartIncluding": "24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 24.4. 22925, Platform Build 24.0. 22865",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:03:03.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38225",
"datePublished": "2024-09-10T16:53:56.595Z",
"dateReserved": "2024-06-11T22:36:08.225Z",
"dateUpdated": "2024-12-31T23:03:03.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35249 (GCVE-0-2024-35249)
Vulnerability from cvelistv5 – Published: 2024-06-11 17:00 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Summary
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2024 Release Wave 1 |
Affected:
24.0 , < Application Build 24.1.19498, Platform Build 24.0.
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:55:48.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 24.1.19498, Platform Build 24.0.",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.13.64344, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.7.18957, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2024:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 24.1.19498, Platform Build 24.0.",
"versionStartIncluding": "24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.13.64344, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.7.18957, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:43.384Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
}
],
"title": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35249",
"datePublished": "2024-06-11T17:00:06.410Z",
"dateReserved": "2024-05-14T20:14:47.410Z",
"dateUpdated": "2025-12-17T22:23:43.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35248 (GCVE-0-2024-35248)
Vulnerability from cvelistv5 – Published: 2024-06-11 17:00 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < Application Build 22.13.64344, Platform Build 22.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:55:47.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.13.64344, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.7.18957, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 24.1.19498, Platform Build 24.0.",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.13.64344, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.7.18957, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2024:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 24.1.19498, Platform Build 24.0.",
"versionStartIncluding": "24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390: Weak Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:42.802Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35248",
"datePublished": "2024-06-11T17:00:05.663Z",
"dateReserved": "2024-05-14T20:14:47.410Z",
"dateUpdated": "2025-12-17T22:23:42.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21380 (GCVE-0-2024-21380)
Vulnerability from cvelistv5 – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37
VLAI?
Title
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 |
Affected:
21.0.0 , < Application Build 21.16.63199, Platform Build 21.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T18:41:20.437790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:01:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.16.63199, Platform Build 21.0",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.10.63195, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.4.15715, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.16.63199, Platform Build 21.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.10.63195, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.4.15715, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:39.965Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
}
],
"title": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21380",
"datePublished": "2024-02-13T18:02:43.563Z",
"dateReserved": "2023-12-08T22:45:20.452Z",
"dateUpdated": "2025-05-03T01:37:39.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38167 (GCVE-0-2023-38167)
Vulnerability from cvelistv5 – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < Application Build 22.4.59134, Platform Build 22.0.
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:53:44.256323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T21:07:18.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.4.59134, Platform Build 22.0.",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.4.59134, Platform Build 22.0.",
"versionStartIncluding": "22.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:02.417Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38167",
"datePublished": "2023-08-08T17:08:45.147Z",
"dateReserved": "2023-07-12T23:41:45.862Z",
"dateUpdated": "2025-02-27T21:07:18.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41127 (GCVE-0-2022-41127)
Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Title
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Severity ?
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
1.0 , < Build 52203
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 52203",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 30712",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 49497",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52204",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 14.43.49498, Platform Build 14.0.49494",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 15.17.48428, Platform Build 15.0.48",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.17.38111, Platform Build 17.0.38061",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 16.19.35126, Platform Build 16.35120",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 20.8.49971, Platform Build 20.0.49947",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 19.14.49970, Platform Build 19.0.49925",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 21.2.49990, Platform Build 21.0.49984",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.18.46920, Platform Build 18.0.46905",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2013 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52297",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 52203",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 30712",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2018:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 49497",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52204",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:release_wave_2:*:*:on-premise:*:*:*",
"versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2013_R2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52297",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:27.342Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41127",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-07-22T17:49:27.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41066 (GCVE-0-2022-41066)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI?
Title
Microsoft Business Central Information Disclosure Vulnerability
Summary
Microsoft Business Central Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < 49345
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "49345",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.42.49347, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.1.48638, Platform Build 21.0.",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 20.7.48483, Platform Build 20.0.",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.2.49990, Platform Build 21.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49345",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 14.42.49347, Platform Build 14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.1.48638, Platform Build 21.0.",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 20.7.48483, Platform Build 20.0.",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.2.49990, Platform Build 21.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:52.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "Microsoft Business Central Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41066",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:52.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40440 (GCVE-0-2021-40440)
Vulnerability from cvelistv5 – Published: 2021-09-15 11:24 – Updated: 2024-08-04 02:44
VLAI?
Title
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10 |
Affected:
17.0.0.0 , < App Build 17.10.29463, Platform Build 17.0.29460
(custom)
cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 \u2013 Update 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.10.29463, Platform Build 17.0.29460",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2021:update_18.5:release_wave_1:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.5.29545, Platform Build 18.0.29486",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:23.149Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-40440",
"datePublished": "2021-09-15T11:24:25",
"dateReserved": "2021-09-02T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36946 (GCVE-0-2021-36946)
Vulnerability from cvelistv5 – Published: 2021-08-12 18:12 – Updated: 2024-08-04 01:09
VLAI?
Title
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2017 |
Affected:
1.0 , < 30601
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:* |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30601",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "47562",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.27.47563, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 17.9.28504, Platform Build 17.0.",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 16.15.28500, Platform Build 16.0",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:54:01.481Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-36946",
"datePublished": "2021-08-12T18:12:34",
"dateReserved": "2021-07-19T00:00:00",
"dateUpdated": "2024-08-04T01:09:07.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43460 (GCVE-0-2024-43460)
Vulnerability from nvd – Published: 2024-09-17 18:15 – Updated: 2024-12-31 23:03 Exclusively Hosted Service
VLAI?
Title
Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Severity ?
CWE
- CWE-285 - Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Dynamics 365 Business Central Online |
Affected:
N/A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-17T20:04:56.742873Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-17T20:08:16.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Online",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.dynamics_365_business_central_online:*:*:*:*:*:*:*:*",
"versionStartIncluding": "N/A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-17T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:03:27.545Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43460"
}
],
"tags": [
"exclusively-hosted-service"
],
"title": "Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-43460",
"datePublished": "2024-09-17T18:15:49.863Z",
"dateReserved": "2024-08-14T01:08:33.515Z",
"dateUpdated": "2024-12-31T23:03:27.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38225 (GCVE-0-2024-38225)
Vulnerability from nvd – Published: 2024-09-10 16:53 – Updated: 2024-12-31 23:03
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < App Build 22.16.64731, Platform Build 22.0.64727
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38225",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:52:19.327815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:54:09.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 22.16.64731, Platform Build 22.0.64727",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 23.10.22604, Platform Build 23.0.22561",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 24.4. 22925, Platform Build 24.0. 22865",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 22.16.64731, Platform Build 22.0.64727",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 23.10.22604, Platform Build 23.0.22561",
"versionStartIncluding": "24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 24.4. 22925, Platform Build 24.0. 22865",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-09-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T23:03:03.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38225"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-38225",
"datePublished": "2024-09-10T16:53:56.595Z",
"dateReserved": "2024-06-11T22:36:08.225Z",
"dateUpdated": "2024-12-31T23:03:03.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35249 (GCVE-0-2024-35249)
Vulnerability from nvd – Published: 2024-06-11 17:00 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Summary
Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2024 Release Wave 1 |
Affected:
24.0 , < Application Build 24.1.19498, Platform Build 24.0.
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:55:48.237Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 24.1.19498, Platform Build 24.0.",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.13.64344, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.7.18957, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2024:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 24.1.19498, Platform Build 24.0.",
"versionStartIncluding": "24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.13.64344, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.7.18957, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:43.384Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35249"
}
],
"title": "Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35249",
"datePublished": "2024-06-11T17:00:06.410Z",
"dateReserved": "2024-05-14T20:14:47.410Z",
"dateUpdated": "2025-12-17T22:23:43.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35248 (GCVE-0-2024-35248)
Vulnerability from nvd – Published: 2024-06-11 17:00 – Updated: 2025-12-17 22:23
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-1390 - Weak Authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < Application Build 22.13.64344, Platform Build 22.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T03:55:47.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:07:46.912Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.13.64344, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.7.18957, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 24.1.19498, Platform Build 24.0.",
"status": "affected",
"version": "24.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.13.64344, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2023:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.7.18957, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2024:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 24.1.19498, Platform Build 24.0.",
"versionStartIncluding": "24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-06-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1390",
"description": "CWE-1390: Weak Authentication",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:23:42.802Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-35248",
"datePublished": "2024-06-11T17:00:05.663Z",
"dateReserved": "2024-05-14T20:14:47.410Z",
"dateUpdated": "2025-12-17T22:23:42.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21380 (GCVE-0-2024-21380)
Vulnerability from nvd – Published: 2024-02-13 18:02 – Updated: 2025-05-03 01:37
VLAI?
Title
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Summary
Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability
Severity ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2022 Release Wave 2 |
Affected:
21.0.0 , < Application Build 21.16.63199, Platform Build 21.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:20:40.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T18:41:20.437790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T18:01:02.522Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.16.63199, Platform Build 21.0",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.10.63195, Platform Build 22.0",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 23.4.15715, Platform Build 23.0.",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.16.63199, Platform Build 21.0",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.10.63195, Platform Build 22.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 23.4.15715, Platform Build 23.0.",
"versionStartIncluding": "23.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-02-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T01:37:39.965Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380"
}
],
"title": "Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-21380",
"datePublished": "2024-02-13T18:02:43.563Z",
"dateReserved": "2023-12-08T22:45:20.452Z",
"dateUpdated": "2025-05-03T01:37:39.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-38167 (GCVE-0-2023-38167)
Vulnerability from nvd – Published: 2023-08-08 17:08 – Updated: 2025-02-27 21:07
VLAI?
Title
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Summary
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2023 Release Wave 1 |
Affected:
22.0.0 , < Application Build 22.4.59134, Platform Build 22.0.
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:30:14.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-38167",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:53:44.256323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T21:07:18.969Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 22.4.59134, Platform Build 22.0.",
"status": "affected",
"version": "22.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 22.4.59134, Platform Build 22.0.",
"versionStartIncluding": "22.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-08-08T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T01:59:02.417Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38167"
}
],
"title": "Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-38167",
"datePublished": "2023-08-08T17:08:45.147Z",
"dateReserved": "2023-07-12T23:41:45.862Z",
"dateUpdated": "2025-02-27T21:07:18.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41127 (GCVE-0-2022-41127)
Vulnerability from nvd – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
VLAI?
Title
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Summary
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Severity ?
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2016 |
Affected:
1.0 , < Build 52203
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 52203",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 30712",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Build 49497",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2015",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52204",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 14.43.49498, Platform Build 14.0.49494",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 15.17.48428, Platform Build 15.0.48",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.17.38111, Platform Build 17.0.38061",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 16.19.35126, Platform Build 16.35120",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 20.8.49971, Platform Build 20.0.49947",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 19.14.49970, Platform Build 19.0.49925",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 21.2.49990, Platform Build 21.0.49984",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.18.46920, Platform Build 18.0.46905",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2013 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "52297",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 52203",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2017:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 30712",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2018:*:*:*:*:*:*:*:*",
"versionEndExcluding": "Build 49497",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52204",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:release_wave_2:*:*:on-premise:*:*:*",
"versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav_2013_R2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "52297",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-12-13T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T17:49:27.342Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
}
],
"title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41127",
"datePublished": "2022-12-13T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-07-22T17:49:27.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41066 (GCVE-0-2022-41066)
Vulnerability from nvd – Published: 2022-11-09 00:00 – Updated: 2025-01-02 21:31
VLAI?
Title
Microsoft Business Central Information Disclosure Vulnerability
Summary
Microsoft Business Central Information Disclosure Vulnerability
Severity ?
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2018 |
Affected:
1.0 , < 49345
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:35:49.089Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "49345",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.42.49347, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.1.48638, Platform Build 21.0.",
"status": "affected",
"version": "21.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 20.7.48483, Platform Build 20.0.",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 21.2.49990, Platform Build 21.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*",
"versionEndExcluding": "49345",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:spring_update:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 14.42.49347, Platform Build 14.0",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.1.48638, Platform Build 21.0.",
"versionStartIncluding": "21.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 20.7.48483, Platform Build 20.0.",
"versionStartIncluding": "20.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*",
"versionEndExcluding": "Application Build 21.2.49990, Platform Build 21.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-11-08T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Business Central Information Disclosure Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T21:31:52.861Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Business Central Information Disclosure Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
}
],
"title": "Microsoft Business Central Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-41066",
"datePublished": "2022-11-09T00:00:00",
"dateReserved": "2022-09-19T00:00:00",
"dateUpdated": "2025-01-02T21:31:52.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40440 (GCVE-0-2021-40440)
Vulnerability from nvd – Published: 2021-09-15 11:24 – Updated: 2024-08-04 02:44
VLAI?
Title
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10 |
Affected:
17.0.0.0 , < App Build 17.10.29463, Platform Build 17.0.29460
(custom)
cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:* |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:update_17.10:release_wave_2:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 \u2013 Update 17.10",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 17.10.29463, Platform Build 17.0.29460",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2021:update_18.5:release_wave_1:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "App Build 18.5.29545, Platform Build 18.0.29486",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-14T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:37:23.149Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40440"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-40440",
"datePublished": "2021-09-15T11:24:25",
"dateReserved": "2021-09-02T00:00:00",
"dateUpdated": "2024-08-04T02:44:10.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36946 (GCVE-0-2021-36946)
Vulnerability from nvd – Published: 2021-08-12 18:12 – Updated: 2024-08-04 01:09
VLAI?
Title
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Summary
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Severity ?
CWE
- Spoofing
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Dynamics NAV 2017 |
Affected:
1.0 , < 30601
(custom)
cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:* |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2017",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "30601",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics NAV 2018",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "47562",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Dynamics 365 Business Central Spring 2019 Update",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 14.27.47563, Platform Build 14.0",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 17.9.28504, Platform Build 17.0.",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "Application Build 16.15.28500, Platform Build 16.0",
"status": "affected",
"version": "16.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T07:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:54:01.481Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"
}
],
"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-36946",
"datePublished": "2021-08-12T18:12:34",
"dateReserved": "2021-07-19T00:00:00",
"dateUpdated": "2024-08-04T01:09:07.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}