CVE-2021-34474 — Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Update 16.14 vulnerability

4 documents4 sources

Severity

7.2HIGHNVD

CNA8.0

EPSS

1.6%

top 18.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Update 16.14 Microsoft Dynamics 365 Business Central 2020 Release Wave 2 Update 17.8 Microsoft Dynamics 365 Business Central 2021 Release Wave 1 Update 18.3 +1 more

Timeline

PublishedJul 14

Latest updateMay 24

Description

Dynamics Business Central Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_2_update_17.817.0 — Application: 17.8.27267, Platform: 17.0.27235

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2021_release_wave_1_update_18.318.0 — Application: 18.3.27480, Platform: 18.0.27469

▶CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_1_update_16.1416.0 — Application: 16.14.27266, Platform: 16.0.27253

▶NVDmicrosoft/dynamics_365_business_central2020, 2021+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-x2h5-v5cw-xpq3: Dynamics Business Central Remote Code Execution Vulnerability↗2022-05-24

▶

CVEList

Dynamics Business Central Remote Code Execution Vulnerability↗2021-07-14

▶

📋Vendor Advisories

1

Microsoft

Dynamics Business Central Remote Code Execution Vulnerability↗2021-07-13

▶

CVE-2021-34474 — Microsoft vulnerability | cvebase