cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-43460,https://securityvulnerability.io/vulnerability/CVE-2024-43460,Dynamics 365 Business Central Elevation of Privilege Vulnerability,"An improper authorization vulnerability has been identified in Dynamics 365 Business Central, a cloud-based ERP solution from Microsoft. This vulnerability allows an authenticated attacker to escalate their privileges over a network, which could lead to unauthorized access to sensitive information or system functionalities. Users are advised to apply the latest security updates to mitigate the risk associated with this vulnerability.",Microsoft,Dynamics 365 Business Central Online,8.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-17T19:15:00.000Z,0
CVE-2024-38225,https://securityvulnerability.io/vulnerability/CVE-2024-38225,Elevation of Privilege Vulnerability,"An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Business Central, potentially allowing an attacker to gain unauthorized access to sensitive functionalities within the application. This vulnerability can be exploited by malicious individuals to manipulate the behavior of the application and access resources that should be restricted, compromising the integrity and confidentiality of the environment. It is essential for users of Dynamics 365 Business Central to apply the necessary patches released by Microsoft to mitigate the risk associated with this vulnerability. For more detailed information, refer to the Microsoft advisory.",Microsoft,"Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2024 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",9.8,CRITICAL,0.0014199999859556556,false,,false,false,false,,,false,false,,2024-09-10T16:53:56.595Z,0
CVE-2024-35249,https://securityvulnerability.io/vulnerability/CVE-2024-35249,Remote Code Execution Vulnerability Affects Microsoft Dynamics 365 Business Central,"The vulnerability in Microsoft Dynamics 365 Business Central enables remote code execution, allowing attackers to potentially execute arbitrary code on the server hosting the application. This risk arises due to improper validation of user input, which may be exploited to gain control over affected installations. Organizations utilizing Microsoft Dynamics 365 Business Central should assess their systems and apply necessary updates to mitigate this vulnerability. For detailed information and mitigation strategies, refer to the Microsoft security advisory.",Microsoft,"Microsoft Dynamics 365 Business Central 2024 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",8.8,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-06-11T17:00:06.410Z,0
CVE-2024-35248,https://securityvulnerability.io/vulnerability/CVE-2024-35248,Elevation of Privilege Vulnerability Affects Business Central,"The vulnerability within Microsoft Dynamics 365 Business Central pertains to an elevation of privilege, which may allow attackers to gain unauthorized access to sensitive functionalities of the application. This situation arises from improper validation of user permissions, enabling exploiters to perform actions that they are otherwise not authorized to carry out. It is essential for users and administrators to assess their deployments and take necessary mitigation steps to safeguard their environments from potential exploitation.",Microsoft,"Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2,Microsoft Dynamics 365 Business Central 2024 Release Wave 1",7.3,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-06-11T17:00:05.663Z,0
CVE-2024-21380,https://securityvulnerability.io/vulnerability/CVE-2024-21380,Information Disclosure Vulnerability,"An information disclosure vulnerability exists in Microsoft Dynamics Business Central and NAV, which can potentially expose sensitive data to unauthorized users. This vulnerability stems from improper handling of user requests, allowing an attacker to gain access to confidential information. Organizations utilizing these platforms should take immediate action to assess their system configurations and apply relevant security updates to mitigate the risks associated with this vulnerability.",Microsoft,"Microsoft Dynamics 365 Business Central 2022 Release Wave 2,Microsoft Dynamics 365 Business Central 2023 Release Wave 1,Microsoft Dynamics 365 Business Central 2023 Release Wave 2",8,HIGH,0.0035099999513477087,false,,false,false,false,,,false,false,,2024-02-13T18:02:43.563Z,0
CVE-2023-38167,https://securityvulnerability.io/vulnerability/CVE-2023-38167,Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability,An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Business Central that allows an attacker to gain elevated access to resources and functionalities within the application. Exploitation of this vulnerability could enable unauthorized users to manipulate sensitive information or perform actions beyond their intended permissions. Organizations utilizing affected versions should promptly apply the appropriate security updates to mitigate potential risks.,Microsoft,Microsoft Dynamics 365 Business Central 2023 Release Wave 1,7.2,HIGH,0.00046999999904073775,false,,false,false,false,,,false,false,,2023-08-08T18:15:00.000Z,0
CVE-2022-41127,https://securityvulnerability.io/vulnerability/CVE-2022-41127,Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability,Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability,Microsoft,"Microsoft Dynamics Nav 2016,Microsoft Dynamics Nav 2017,Microsoft Dynamics Nav 2018,Microsoft Dynamics Nav 2015,Dynamics 365 Business Central Spring 2019 Update,Dynamics 365 Business Central 2019 Release Wave 2 (on-premise),Microsoft Dynamics 365 Business Central 2020 Release Wave 2,Microsoft Dynamics 365 Business Central 2020 Release Wave 1,Microsoft Dynamics 365 Business Central 2022 Release Wave 1,Microsoft Dynamics 365 Business Central 2021 Release Wave 2,Microsoft Dynamics 365 Business Central 2022 Release Wave 2,Microsoft Dynamics 365 Business Central 2021 Release Wave 1,Microsoft Dynamics Nav 2013 R2",8.5,HIGH,0.004240000154823065,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41066,https://securityvulnerability.io/vulnerability/CVE-2022-41066,Microsoft Business Central Information Disclosure Vulnerability,Microsoft Business Central Information Disclosure Vulnerability,Microsoft,"Microsoft Dynamics Nav 2018,Dynamics 365 Business Central Spring 2019 Update,Microsoft Dynamics 365 Business Central 2022 Release Wave 2,Microsoft Dynamics 365 Business Central 2022 Release Wave 1,Microsoft Dynamics 365 Business Central 2021 Release Wave 2",4.4,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2022-11-09T00:00:00.000Z,0
CVE-2021-40440,https://securityvulnerability.io/vulnerability/CVE-2021-40440,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft,"Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10,Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-09-15T11:24:25.000Z,0
CVE-2021-36946,https://securityvulnerability.io/vulnerability/CVE-2021-36946,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft,"Microsoft Dynamics Nav 2017,Microsoft Dynamics Nav 2018,Dynamics 365 Business Central Spring 2019 Update,Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9,Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2021-08-12T18:12:34.000Z,0
CVE-2021-34474,https://securityvulnerability.io/vulnerability/CVE-2021-34474,Dynamics Business Central Remote Code Execution Vulnerability,Dynamics Business Central Remote Code Execution Vulnerability,Microsoft,"Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.14,Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.8,Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.3",8,HIGH,0.01874000020325184,false,,false,false,false,,,false,false,,2021-07-14T17:54:04.000Z,0
CVE-2021-1724,https://securityvulnerability.io/vulnerability/CVE-2021-1724,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft Dynamics Business Central Cross-site Scripting Vulnerability,Microsoft,"Microsoft Dynamics Nav 2018,Microsoft Dynamics 365 Business Central 2020 Release Wave 1,Dynamics 365 Business Central 2019 Release Wave 2 (on-premise),Microsoft Dynamics Nav 2017,Microsoft Dynamics 365 Business Central 2020 Release Wave 2,Microsoft Dynamics Nav 2015,Microsoft Dynamics Nav 2016",6.1,MEDIUM,0.0010499999625608325,false,,false,false,false,,,false,false,,2021-02-25T23:01:27.000Z,0
CVE-2020-1022,https://securityvulnerability.io/vulnerability/CVE-2020-1022,,"A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.",Microsoft,"Microsoft Dynamics Nav 2015,Microsoft Dynamics 365 Bc On Premise,Microsoft Dynamics Nav 2018,Microsoft Dynamics Nav 2013,Microsoft Dynamics Nav 2016,Microsoft Dynamics Nav 2017,Dynamics 365 Business Central 2019 Release Wave 2 (on-premise),Dynamics 365 Business Central 2019 Spring Update",8,HIGH,0.03265000134706497,false,,false,false,false,,,false,false,,2020-04-15T15:13:28.000Z,0
CVE-2020-1018,https://securityvulnerability.io/vulnerability/CVE-2020-1018,,"An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.",Microsoft,"Microsoft Dynamics Nav 2016,Microsoft Dynamics Nav 2017,Microsoft Dynamics Nav 2018,Microsoft Dynamics Nav 2015,Microsoft Dynamics 365 Bc On Premise,Dynamics 365 Business Central 2019 Spring Update",7.5,HIGH,0.012040000408887863,false,,false,false,false,,,false,false,,2020-04-15T15:13:27.000Z,0
CVE-2020-0905,https://securityvulnerability.io/vulnerability/CVE-2020-0905,,"An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.",Microsoft,"Microsoft Dynamics Nav 2018,Microsoft Dynamics Nav 2015,Microsoft Dynamics 365 Bc On Premise,Dynamics 365 Business Central 2019 Spring Update,Dynamics 365 Business Central 2019 Release Wave 2 (on-premise),Microsoft Dynamics Nav 2016,Microsoft Dynamics Nav 2017,Microsoft Dynamics Nav 2013",8,HIGH,0.03265000134706497,false,,false,false,false,,,false,false,,2020-03-12T15:48:59.000Z,0