Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.SMB_NT_MS22_NOV_MICROSOFT_DYNAMICS_365_BC.NASL
HistoryNov 10, 2022 - 12:00 a.m.

Security Updates for Microsoft Dynamics 365 Business Central (November 2022)

2022-11-1000:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an information disclosure vulnerability. A remote attacker with admin privileges can exploit this vulnerability to view integration secrets owned by a different partner.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(167247);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/05");

  script_cve_id("CVE-2022-41066");
  script_xref(name:"MSKB", value:"5021002");
  script_xref(name:"MSFT", value:"MS22-5021002");
  script_xref(name:"IAVA", value:"2022-A-0475-S");

  script_name(english:"Security Updates for Microsoft Dynamics 365 Business Central (November 2022)");

  script_set_attribute(attribute:"synopsis", value:
"The Microsoft Dynamics 365 Business Central install is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an
information disclosure vulnerability. A remote attacker with admin privileges can exploit this vulnerability to
view integration secrets owned by a different partner.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5021002");
  script_set_attribute(attribute:"solution", value:
"Update Microsoft Dynamics 365 Business Central to 20.7 for 2022 Release Wave 1, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:M/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41066");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:dynamics_365");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("microsoft_dynamics_365_business_central_server_win_installed.nbin");
  script_require_keys("installed_sw/Microsoft Dynamics 365 Business Central Server");
  script_require_ports(139, 445);

  exit(0);
}

include('vcf.inc');

var app = 'Microsoft Dynamics 365 Business Central Server';

var app_info = vcf::get_app_info(app:app, win_local:TRUE);

var constraints = [
  { 'min_version' : '20.0', 'fixed_version' : '20.0.48457.0', 'fixed_display' : 'Update 20.7 for Microsoft Dynamics 365 Business Central 2022 Release Wave 1' }
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
microsoftdynamics_365cpe:/a:microsoft:dynamics_365

Related

mskb 5
prion 1
mscve 1
kaspersky 1
cve 1
rapid7blog 1
mskb
mskb
Update 21.1 for Microsoft Dynamics 365 Business Central (on-premises) 2022 Release Wave 2 (Application Build 21.1.48638, Platform Build 21.0.48504)
2022-11-08 08:00:00
Cumulative Update 41 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.42.49347, Platform Build 14.0.49339)
2022-11-08 08:00:00
Update 19.13 for Microsoft Dynamics 365 Business Central (on-premises) 2021 Release Wave 2 (Application Build 19.13.48486, Platform Build 19.0.48446)
2022-11-08 08:00:00
prion
prion
Information disclosure
2022-11-09 22:15:00
mscve
mscve
Microsoft Business Central Information Disclosure Vulnerability
2022-11-08 08:00:00
kaspersky
kaspersky
KLA20041 OSI vulnerability in Microsoft Dynamics
2022-11-08 00:00:00
cve
cve
CVE-2022-41066
2022-11-09 22:15:00
rapid7blog
rapid7blog
Patch Tuesday - November 2022
2022-11-08 20:02:57
JSON
Related for SMB_NT_MS22_NOV_MICROSOFT_DYNAMICS_365_BC.NASL
mskb5prion1mscve1kaspersky1cve1rapid7blog1