15 matches found
CVE-2024-21380
CVE-2024-21380 is a Microsoft Dynamics 365 Business Central/NAV information disclosure vulnerability. The CVSS v3.1 score is 8.0 (Network, high attack complexity; privileges required: Low; user interaction required; changed scope). It can lead to access to sensitive data and potential data integr...
CVE-2022-41127
CVE-2022-41127 affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central On‑Premises. Descriptions in connected docs confirm a remote code execution vulnerability and that Microsoft released updates to fix it (e.g., Update 16.19 for BC 2020 Wave 1, Update 17.17 for BC 2020 Wave 2...
CVE-2023-38167
CVE-2023-38167 is an elevation-of-privilege vulnerability affecting Microsoft Dynamics 365 Business Central (2023 Release Wave 1) as documented by multiple sources. The issue is reported as enabling an attacker with high privileges to obtain elevated rights (impact: high; CVSS 3.1: AV:N/AC:L/PR:H...
CVE-2021-34474
CVE-2021-34474 is a remote code execution vulnerability in Microsoft Dynamics 365 Business Central. Public data shows exploitable via network with no user interaction; impact is high (C/C/I/A) and the attack requires high privileges (per CVSS 3.1 vector). The issue affects Dynamics 365 Business C...
CVE-2021-36946
CVE-2021-36946 is a Cross-site Scripting (XSS) vulnerability in Microsoft Dynamics Business Central (and related NAV products in linked updates). The connected docs confirm the issue, with references to Microsoft Dynamics BC NAV exposure and multiple security updates in 2021 that address the XSS ...
CVE-2020-0905
CVE-2020-0905 is a remote code execution vulnerability in Microsoft Dynamics Business Central (and Dynamics NAV) via deserialization in the Role-Tailored Client that could allow an attacker to execute arbitrary shell commands on a vulnerable system. Multiple connected sources corroborate an RCE r...
CVE-2020-1018
CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...
CVE-2024-38225
CVE-2024-38225 affects Microsoft Dynamics 365 Business Central with an Elevation of Privilege vulnerability. Connected sources confirm impact and remediation via Microsoft updates (Wave 1 24.4, Wave 2 23.10). CVSS details in NVD/Microsoft advisories show high/critical scores and network/low compl...
CVE-2021-40440
CVE-2021-40440 is a cross-site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 Business Central (notably 2020 Release Wave 2 Update 17.10 and 2021 Release Wave 1 Update 18.5). The issue allows arbitrary script execution in the browser when visiting the Dynamics BC Control, as descr...
CVE-2020-1022
CVE-2020-1022 is a documented remote code execution vulnerability affecting Microsoft Dynamics 365 Business Central (and NAV variants). The connected Red Hat/Qualys/Nessus entries corroborate an RCE impacting Dynamics BC/NAV, with patch guidance referencing CVE-2020-1022 (e.g., Update 15.5 for BC...
CVE-2021-1724
CVE-2021-1724 corresponds to a Cross-site Scripting vulnerability in Microsoft Dynamics Business Central. The connected data confirms an XSS issue caused by improper validation of user-supplied input in the web-facing Links and Notes feature, which authenticated attackers can exploit by crafting ...
CVE-2024-35248
Summary of CVE-2024-35248 context : This is an Elevation of Privilege vulnerability reported in Microsoft Dynamics 365 Business Central . The entry is corroborated by multiple sources in the Connected documents including official MS security guidance and update references. Several Microsoft Knowl...
CVE-2024-35249
CVE-2024-35249 corresponds to a remote code execution vulnerability in Microsoft Dynamics 365 Business Central. Based on the provided documents, the issue affects Dynamics 365 Business Central (no specific vulnerable module/version is named in the sources beyond the product family). The CVE is ra...
CVE-2024-43460
CVE-2024-43460 affects Microsoft Dynamics 365 Business Central Online. The vulnerability arises from improper authorization, allowing an authenticated attacker to elevate privileges over the network. The issue impacts the Dynamics 365 Business Central component handling access control, enabling p...
CVE-2026-40417
Technical details are not publicly available in the provided documents. Monitor for updates.