Elevation of Privilege Vulnerability Affects Business Central
CVE-2024-35248

7.3 HIGH

Summary

This vulnerability in Microsoft Dynamics 365 Business Central is an elevation of privilege issue that may allow attackers to gain unauthorized access to sensitive functionality of the application. It arises from improper validation of user permissions, enabling attackers to perform actions that they are not otherwise authorized to carry out. Users and administrators should assess their deployments and take the necessary mitigation steps to safeguard their environments from potential exploitation.

Affected Version(s)

Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Unknown 22.0.0

Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Unknown 23.0.0

Microsoft Dynamics 365 Business Central 2024 Release Wave 1 Unknown 24.0

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, Microsoft Feed