CVE-2023-38167

2023-08-0818:15:22

CWE-284

microsoft

web.nvd.nist.gov

cve-2023-38167

microsoft

dynamics

business central

elevation of privilege

vulnerability

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

39.8%

JSON

Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

Affected configurations

Nvd

Vulners

Node

microsoftdynamics_365_business_centralMatch2023release_wave_1

VendorProductVersionCPE
microsoftdynamics_365_business_central2023cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	dynamics_365_business_central	2023	cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1::::::

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Dynamics 365 Business Central 2023 Release Wave 1",
    "cpes": [
      "cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "22.0.0",
        "lessThan": "Application Build 22.4.59134, Platform Build 22.0.",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]