Skip to main content

Dynamics 365 Business Central CVE-2024-21380

HIGH
Information Exposure (CWE-200)
2024-02-13 secure@microsoft.com
8.0
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.0 HIGH
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 13, 2024 - 18:15 cve.org
HIGH 8.0

DescriptionCVE.org

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

AnalysisAI

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability Affected products include: Microsoft Dynamics 365 Business Central.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2024-38225 CRITICAL
9.8 Sep 10

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this v

CVE-2024-43460 HIGH
8.8 Sep 17

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacke

CVE-2024-35249 HIGH
8.8 Jun 11

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulner

CVE-2022-41127 HIGH
8.5 Dec 13

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. Ra

CVE-2021-34474 HIGH
8.0 Jul 14

Dynamics Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is rem

CVE-2020-1022 HIGH
8.0 Apr 15

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remo

CVE-2020-0905 HIGH
8.0 Mar 12

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Rem

CVE-2020-1018 HIGH
7.5 Apr 15

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly

CVE-2024-35248 HIGH
7.3 Jun 11

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulne

CVE-2023-38167 HIGH
7.2 Aug 08

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulne

CVE-2021-1724 MEDIUM
6.1 Feb 25

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2021-40440 MEDIUM
5.4 Sep 15

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerabi

Share

CVE-2024-21380 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy