CVE-2024-35249

2024-06-1117:16:02

CWE-502

[email protected]

web.nvd.nist.gov

microsoft dynamics 365

business central

remote code execution

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

40.9%

JSON

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

Affected configurations

Nvd

Node

microsoftdynamics_365_business_centralMatch2023release_wave_1

microsoftdynamics_365_business_centralMatch2023release_wave_2

microsoftdynamics_365_business_centralMatch2024release_wave_1

VendorProductVersionCPE
microsoftdynamics_365_business_central2023cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1:*:*:*:*:*:*
microsoftdynamics_365_business_central2023cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2:*:*:*:*:*:*
microsoftdynamics_365_business_central2024cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	dynamics_365_business_central	2023	cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_1::::::
microsoft	dynamics_365_business_central	2023	cpe:2.3:a:microsoft:dynamics_365_business_central:2023:release_wave_2::::::
microsoft	dynamics_365_business_central	2024	cpe:2.3:a:microsoft:dynamics_365_business_central:2024:release_wave_1::::::