Skip to main content

Dynamics 365 Business Central CVE-2024-35249

HIGH
Deserialization of Untrusted Data (CWE-502)
2024-06-11 secure@microsoft.com
8.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jun 11, 2024 - 17:16 cve.org
HIGH 8.8

DescriptionCVE.org

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

AnalysisAI

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability Affected products include: Microsoft Dynamics 365 Business Central.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

CVE-2024-38225 CRITICAL
9.8 Sep 10

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this v

CVE-2024-43460 HIGH
8.8 Sep 17

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacke

CVE-2022-41127 HIGH
8.5 Dec 13

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability. Ra

CVE-2024-21380 HIGH
8.0 Feb 13

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability. Rated high severity (CVSS 8.0), this vulne

CVE-2021-34474 HIGH
8.0 Jul 14

Dynamics Business Central Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is rem

CVE-2020-1022 HIGH
8.0 Apr 15

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remo

CVE-2020-0905 HIGH
8.0 Mar 12

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Rem

CVE-2020-1018 HIGH
7.5 Apr 15

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly

CVE-2024-35248 HIGH
7.3 Jun 11

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulne

CVE-2023-38167 HIGH
7.2 Aug 08

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulne

CVE-2021-1724 MEDIUM
6.1 Feb 25

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerabi

CVE-2021-40440 MEDIUM
5.4 Sep 15

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerabi

Share

CVE-2024-35249 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy