CVE-2021-1724: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

Overview

Severity: Medium (CVSS 6.1)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C
Category: Spoofing
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2021-Feb
Released: 2021-02-09
EPSS Score: 0.95% (percentile: 76.3%)

Affected Products (7)

Microsoft Dynamics

Microsoft Dynamics NAV 2018
Microsoft Dynamics 365 Business Central 2020 Release Wave 1
Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)
Microsoft Dynamics NAV 2017
Microsoft Dynamics 365 Business Central 2020 Release Wave 2
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016

Security Updates (7)

Acknowledgments

Piotr Cielas@EY

Revision History

2021-02-09: Information published.