Remote Code Execution Vulnerability Affects Microsoft Dynamics 365 Business Central
CVE-2024-35249

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Dynamics 365 Business Central 2024 Release Wave 1; Microsoft Dynamics 365 Business Central 2023 Release Wave 1; Microsoft Dynamics 365 Business Central 2023 Release Wave 2
Vendor: CVE Published:; 11 June 2024

Summary

The vulnerability in Microsoft Dynamics 365 Business Central enables remote code execution, allowing attackers to potentially execute arbitrary code on the server hosting the application. This risk arises due to improper validation of user input, which may be exploited to gain control over affected installations. Organizations utilizing Microsoft Dynamics 365 Business Central should assess their systems and apply necessary updates to mitigate this vulnerability. For detailed information and mitigation strategies, refer to the Microsoft security advisory.

Affected Version(s)

Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Unknown 22.0.0

Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Unknown 23.0.0

Microsoft Dynamics 365 Business Central 2024 Release Wave 1 Unknown 24.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 14, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed