CVE-2024-38225 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

2024-09-1016:53:56

CWE-287

microsoft

www.cve.org

cve-2024

microsoft dynamics 365

elevation of privilege

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

EPSS

0.002

Percentile

58.1%

JSON

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "22.0.0",
        "lessThan": "App Build 22.16.64731, Platform Build 22.0.64727",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2024 Release Wave 1",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "24.0",
        "lessThan": "App Build 23.10.22604, Platform Build 23.0.22561",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 2",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "23.0.0",
        "lessThan": "App Build 24.4. 22925, Platform Build 24.0. 22865",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]