CVE-2024-35248

2024-06-1117:16:02

CWE-1390

CWE-287

[email protected]

web.nvd.nist.gov

microsoft dynamics 365

elevation of privilege

vulnerability

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

39.4%

JSON

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Affected configurations

Nvd

Node

microsoftdynamics_365_business_centralMatch2023release_wave_1

microsoftdynamics_365_business_centralMatch2023release_wave_2

microsoftdynamics_365_business_centralMatch2024release_wave_1

VendorProductVersionCPE
microsoftdynamics_365_business_central2023cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*
microsoftdynamics_365_business_central2023cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*
microsoftdynamics_365_business_central2024cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	dynamics_365_business_central	2023	cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1::::::
microsoft	dynamics_365_business_central	2023	cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2::::::
microsoft	dynamics_365_business_central	2024	cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1::::::