CVE-2022-41066: Microsoft Business Central Information Disclosure Vulnerability
Overview
- Severity: Medium (CVSS 4.4)
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
- Category: Information Disclosure
- Exploit Status: Not Exploited
- Exploitation Likelihood: Less Likely
- Patch Tuesday: 2022-Nov
- Released: 2022-11-08
- Last Updated: 2022-11-10
- EPSS Score: 2.27% (percentile: 84.7%)
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.
According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could use it to view integration secrets that are owned by a different partner.
Affected Products (5)
Microsoft Dynamics
- Microsoft Dynamics NAV 2018
- Dynamics 365 Business Central Spring 2019 Update
- Microsoft Dynamics 365 Business Central 2022 Release Wave 2
- Microsoft Dynamics 365 Business Central 2022 Release Wave 1
- Microsoft Dynamics 365 Business Central 2021 Release Wave 2
Security Updates (5)
Revision History
- 2022-11-08: Information published.
- 2022-11-10: In the Security Updates table, added the following supported editions of Microsoft Dynamics as they are affected by this vulnerability: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 Business Central Spring 2019, Dynamics 365 Business Central 2021 Release Wave 2, and Dynamics 365 Business Central 2022 Release Wave 2. Microsoft strongly recommends that customers install the November updates to be fully protected from this vulnerability.