Vulnerability in Microsoft Dynamics_365_business_central
CVE-2022-41127
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
EPSS: 0.016 (72.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Microsoft Dynamics_365_business_central — versions 2019, 2020, 2021
- Microsoft Dynamics 365 Business Central 2019 Release Wave 2 (On-premise) — versions 15.0.0
- Microsoft Dynamics 365 Business Central Spring 2019 Update — versions 14.0.0
- Microsoft Dynamics_nav — versions 2016, 2017, 2018
- Microsoft Dynamics 365 Business Central 2020 Release Wave 1 — versions 16.0.0
- Microsoft Dynamics 365 Business Central 2020 Release Wave 2 — versions 17.0.0
- Microsoft Dynamics 365 Business Central 2021 Release Wave 1 — versions 18.0.0
- Microsoft Dynamics 365 Business Central 2021 Release Wave 2 — versions 19.0.0
- Microsoft Dynamics 365 Business Central 2022 Release Wave 1 — versions 20.0.0
- Microsoft Dynamics 365 Business Central 2022 Release Wave 2 — versions 21.0.0
References
- secure@microsoft.com (vendor-advisory)
Frequently asked questions
- What is CVE-2022-41127?
- CVE-2022-41127 is a high-severity vulnerability in Microsoft Dynamics_365_business_central. CVSS score: 8.5/10. Published 2022-12-13.
- How severe is CVE-2022-41127?
- High severity. CVSS v3 base score is 8.5 out of 10.