CVE-2022-41127

6 documents5 sources
Severity
8.5HIGH
EPSS
2.0%
top 16.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (on-premise)Microsoft Dynamics 365 Business Central Spring 2019 UpdateMicrosoft Microsoft Dynamics 365 Business Central 2020 Release Wave 1+12 more
Timeline
PublishedDec 13

Description

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages15 packages

CVEListV5microsoft/dynamics_365_business_central_spring_2019_update14.0.0App Build 14.43.49498, Platform Build 14.0.49494
CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_116.0.0App Build 16.19.35126, Platform Build 16.35120
CVEListV5microsoft/microsoft_dynamics_365_business_central_2020_release_wave_217.0.0App Build 17.17.38111, Platform Build 17.0.38061
CVEListV5microsoft/microsoft_dynamics_365_business_central_2021_release_wave_118.0.0App Build 18.18.46920, Platform Build 18.0.46905
CVEListV5microsoft/microsoft_dynamics_365_business_central_2021_release_wave_219.0.0App Build 19.14.49970, Platform Build 19.0.49925

🔴Vulnerability Details

2
GHSA
GHSA-wj3j-9c8f-9hvm: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability2022-12-13
CVEList
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability2022-12-13

📋Vendor Advisories

1
Microsoft
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability2022-12-13
CVE-2022-41127 (HIGH CVSS 8.5) | Microsoft Dynamics NAV and Microsof | cvebase.io