Detections
Analytics
Security Updates for Microsoft Dynamics 365 Business Central (February 2024)
high Nessus Plugin ID 190546
Language:
Synopsis
The Microsoft Dynamics 365 Business Central install is missing a security update.Description
The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an information disclosure vulnerability. A remote, authenticated attacker, by inducing another user to access a compromised URL and winning a race condition, can to read, modify and delete sensitive user data.Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.
Solution
Update Microsoft Dynamics 365 Business Central to 21.16 for 2022 Release Wave 2, 22.10 for 2023 Release Wave 1, 23.4 for 2023 Release Wave 2 or later.See Also
https://support.microsoft.com/en-us/help/5035205
https://support.microsoft.com/en-us/help/5035206
https://support.microsoft.com/en-us/help/5035207
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380
Plugin Details
Severity: High
ID: 190546
File Name: smb_nt_ms24_feb_microsoft_dynamics_365_bc.nasl
Version: 1.3
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 2/14/2024
Updated: 3/15/2024
Supported Sensors: Frictionless Assessment Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.1
CVSS v2
Risk Factor: High
Base Score: 7.1
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2024-21380
CVSS v3
Risk Factor: High
Base Score: 8
Temporal Score: 7
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:dynamics_365
Required KB Items: installed_sw/Microsoft Dynamics 365 Business Central Server
Exploit Ease: No known exploits are available
Patch Publication Date: 2/13/2024
Vulnerability Publication Date: 2/13/2024
Reference Information
CVE: CVE-2024-21380