CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

🗓️ 12 Aug 2021 18:12:34Reported by microsoftType

Microsoft Dynamics Business Central XSS Vulnerability CVE-2021-3694

Reporter	Title	Published	Views	Family All 22
BDU FSTEC	The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system for small and medium-sized businesses lies in the lack of security measures for the website structure. This allows attackers to perform cross-site scripting attacks.	8 Sep 202100:00	–	bdu_fstec
Circl	CVE-2021-36946	12 Aug 202122:40	–	circl
CNNVD	Microsoft Dynamics 跨站脚本漏洞	10 Aug 202100:00	–	cnnvd
CVE	CVE-2021-36946	12 Aug 202118:12	–	cve
EUVD	EUVD-2021-23522	7 Oct 202500:30	–	euvd
Microsoft KB	Cumulative Update 56 for Microsoft Dynamics NAV 2017 (Build 30601)	10 Aug 202107:00	–	mskb
Microsoft KB	Cumulative Update 43 for Microsoft Dynamics NAV 2018 (Build 47562)	10 Aug 202107:00	–	mskb
Microsoft KB	Cumulative Update 26 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.27.47563, Platform Build 14.0.47540)	10 Aug 202107:00	–	mskb
Microsoft KB	Update 16.15 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.15.28500, Platform Build 16.0.28457)	10 Aug 202107:00	–	mskb
Microsoft KB	Update 17.9 for Microsoft Dynamics 365 Business Central 2020 Release Wave 2 (Application Build 17.9.28504, Platform Build 17.0.28458)	10 Aug 202107:00	–	mskb

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics NAV 2017",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "30601",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics NAV 2018",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "1.0",
        "lessThan": "47562",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Dynamics 365 Business Central Spring 2019 Update",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "Application Build 14.27.47563, Platform Build 14.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "17.0",
        "lessThan": "Application Build 17.9.28504, Platform Build 17.0.",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "Application Build 16.15.28500, Platform Build 16.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946

28 Dec 2023 19:54Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.15.4

EPSS0.0095