CVE-2024-35248

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVSS 7.3 HIGHEPSS 0.9%CWE-1390

In short

A flaw in Microsoft Dynamics 365 Business Central allows an authenticated user to gain higher privileges than they should have. This could let someone access sensitive business data or perform actions they're not supposed to.

Technical detail

An elevation of privilege vulnerability in Dynamics 365 Business Central permits authenticated attackers to escalate their user permissions beyond their assigned role. The vulnerability affects the privilege management mechanism (CWE-1390), potentially enabling unauthorized access to sensitive business operations and data.

Summary generated and translated by AI from the official description.

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C

Affected products

Microsoft · Microsoft Dynamics 365 Business Central 2023 Release Wave 1 Microsoft · Microsoft Dynamics 365 Business Central 2023 Release Wave 2 Microsoft · Microsoft Dynamics 365 Business Central 2024 Release Wave 1

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35248