Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability
CVE-2023-38167

7.2HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 Business Central 2023 Release Wave 1
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-38167?

An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Business Central that allows an attacker to gain elevated access to resources and functionalities within the application. Exploitation of this vulnerability could enable unauthorized users to manipulate sensitive information or perform actions beyond their intended permissions. Organizations utilizing affected versions should promptly apply the appropriate security updates to mitigate potential risks.

Affected Version(s)

Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Unknown 22.0.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023