Elevation of Privilege Vulnerability
CVE-2024-38225

9.8CRITICAL

Summary

An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Business Central, potentially allowing an attacker to gain unauthorized access to sensitive functionalities within the application. This vulnerability can be exploited by malicious individuals to manipulate the behavior of the application and access resources that should be restricted, compromising the integrity and confidentiality of the environment. It is essential for users of Dynamics 365 Business Central to apply the necessary patches released by Microsoft to mitigate the risk associated with this vulnerability. For more detailed information, refer to the Microsoft advisory.

Affected Version(s)

Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Unknown 22.0.0

Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Unknown 23.0.0

Microsoft Dynamics 365 Business Central 2024 Release Wave 1 Unknown 24.0

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed
.