Lucene search
K
MicrosoftDynamics 365 Business Central

15 matches found

CVE
CVE
added 2024/02/13 6:2 p.m.207 views

CVE-2024-21380

CVE-2024-21380 is a Microsoft Dynamics 365 Business Central/NAV information disclosure vulnerability. The CVSS v3.1 score is 8.0 (Network, high attack complexity; privileges required: Low; user interaction required; changed scope). It can lead to access to sensitive data and potential data integr...

8CVSS8.3AI score0.01725EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.156 views

CVE-2022-41127

CVE-2022-41127 affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central On‑Premises. Descriptions in connected docs confirm a remote code execution vulnerability and that Microsoft released updates to fix it (e.g., Update 16.19 for BC 2020 Wave 1, Update 17.17 for BC 2020 Wave 2...

8.5CVSS8.5AI score0.0157EPSS
CVE
CVE
added 2023/08/08 5:8 p.m.148 views

CVE-2023-38167

CVE-2023-38167 is an elevation-of-privilege vulnerability affecting Microsoft Dynamics 365 Business Central (2023 Release Wave 1) as documented by multiple sources. The issue is reported as enabling an attacker with high privileges to obtain elevated rights (impact: high; CVSS 3.1: AV:N/AC:L/PR:H...

7.2CVSS7AI score0.01248EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.138 views

CVE-2021-34474

CVE-2021-34474 is a remote code execution vulnerability in Microsoft Dynamics 365 Business Central. Public data shows exploitable via network with no user interaction; impact is high (C/C/I/A) and the attack requires high privileges (per CVSS 3.1 vector). The issue affects Dynamics 365 Business C...

8CVSS8AI score0.01858EPSS
CVE
CVE
added 2021/08/12 6:12 p.m.138 views

CVE-2021-36946

CVE-2021-36946 is a Cross-site Scripting (XSS) vulnerability in Microsoft Dynamics Business Central (and related NAV products in linked updates). The connected docs confirm the issue, with references to Microsoft Dynamics BC NAV exposure and multiple security updates in 2021 that address the XSS ...

5.4CVSS5.5AI score0.0095EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.120 views

CVE-2020-0905

CVE-2020-0905 is a remote code execution vulnerability in Microsoft Dynamics Business Central (and Dynamics NAV) via deserialization in the Role-Tailored Client that could allow an attacker to execute arbitrary shell commands on a vulnerable system. Multiple connected sources corroborate an RCE r...

8CVSS8AI score0.10838EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.120 views

CVE-2020-1018

CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...

7.5CVSS7AI score0.06158EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.102 views

CVE-2024-38225

CVE-2024-38225 affects Microsoft Dynamics 365 Business Central with an Elevation of Privilege vulnerability. Connected sources confirm impact and remediation via Microsoft updates (Wave 1 24.4, Wave 2 23.10). CVSS details in NVD/Microsoft advisories show high/critical scores and network/low compl...

9.8CVSS9.1AI score0.01362EPSS
CVE
CVE
added 2021/09/15 11:24 a.m.100 views

CVE-2021-40440

CVE-2021-40440 is a cross-site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 Business Central (notably 2020 Release Wave 2 Update 17.10 and 2021 Release Wave 1 Update 18.5). The issue allows arbitrary script execution in the browser when visiting the Dynamics BC Control, as descr...

5.4CVSS5.5AI score0.0093EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.99 views

CVE-2020-1022

CVE-2020-1022 is a documented remote code execution vulnerability affecting Microsoft Dynamics 365 Business Central (and NAV variants). The connected Red Hat/Qualys/Nessus entries corroborate an RCE impacting Dynamics BC/NAV, with patch guidance referencing CVE-2020-1022 (e.g., Update 15.5 for BC...

8CVSS8AI score0.06831EPSS
CVE
CVE
added 2021/02/25 11:1 p.m.97 views

CVE-2021-1724

CVE-2021-1724 corresponds to a Cross-site Scripting vulnerability in Microsoft Dynamics Business Central. The connected data confirms an XSS issue caused by improper validation of user-supplied input in the web-facing Links and Notes feature, which authenticated attackers can exploit by crafting ...

6.1CVSS6AI score0.01178EPSS
CVE
CVE
added 2024/06/11 5:0 p.m.90 views

CVE-2024-35248

Summary of CVE-2024-35248 context : This is an Elevation of Privilege vulnerability reported in Microsoft Dynamics 365 Business Central . The entry is corroborated by multiple sources in the Connected documents including official MS security guidance and update references. Several Microsoft Knowl...

7.3CVSS7.2AI score0.00945EPSS
CVE
CVE
added 2024/06/11 5:0 p.m.82 views

CVE-2024-35249

CVE-2024-35249 corresponds to a remote code execution vulnerability in Microsoft Dynamics 365 Business Central. Based on the provided documents, the issue affects Dynamics 365 Business Central (no specific vulnerable module/version is named in the sources beyond the product family). The CVE is ra...

8.8CVSS8.8AI score0.03401EPSS
CVE
CVE
added 2024/09/17 6:15 p.m.71 views

CVE-2024-43460

CVE-2024-43460 affects Microsoft Dynamics 365 Business Central Online. The vulnerability arises from improper authorization, allowing an authenticated attacker to elevate privileges over the network. The issue impacts the Dynamics 365 Business Central component handling access control, enabling p...

8.8CVSS8AI score0.00714EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.36 views

CVE-2026-40417

Technical details are not publicly available in the provided documents. Monitor for updates.

7.8CVSS5.8AI score0.00272EPSS