Main Vulnerability Database Vulnerabilities #VU79152

Permissions, Privileges, and Access Controls in Microsoft Dynamics 365 Business Central - CVE-2023-38167

Published: August 8, 2023

Vulnerability identifier: #VU79152

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-38167

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Dynamics 365 Business Central

Software vendor:
Microsoft

Description

The vulnerability allows a remote administrator to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Microsoft Dynamics Business Central, which leads to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-38167

Permissions, Privileges, and Access Controls in Microsoft Dynamics 365 Business Central - CVE-2023-38167

Description

Remediation

External links

Please verify you're human