cvelistv5 - cve-2022-41127

CVE-2022-41127 (GCVE-0-2022-41127)

Vulnerability from cvelistv5

Published

2022-12-13 00:00

Modified

2025-07-22 17:49

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Summary

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

References

►

URL

Tags

	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127

Impacted products

Vendor

Product

Version

►

Microsoft

Microsoft Dynamics NAV 2016

Version: 1.0 < Build 52203

Microsoft	Microsoft Dynamics NAV 2017	Version: 1.0 < Build 30712
Microsoft	Microsoft Dynamics NAV 2018	Version: 1.0 < Build 49497
Microsoft	Microsoft Dynamics NAV 2015	Version: 1.0 < 52204
Microsoft	Dynamics 365 Business Central Spring 2019 Update	Version: 14.0.0 < App Build 14.43.49498, Platform Build 14.0.49494
Microsoft	Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)	Version: 15.0.0 < App Build 15.17.48428, Platform Build 15.0.48
Microsoft	Microsoft Dynamics 365 Business Central 2020 Release Wave 2	Version: 17.0.0 < App Build 17.17.38111, Platform Build 17.0.38061
Microsoft	Microsoft Dynamics 365 Business Central 2020 Release Wave 1	Version: 16.0.0 < App Build 16.19.35126, Platform Build 16.35120
Microsoft	Microsoft Dynamics 365 Business Central 2022 Release Wave 1	Version: 20.0.0 < App Build 20.8.49971, Platform Build 20.0.49947
Microsoft	Microsoft Dynamics 365 Business Central 2021 Release Wave 2	Version: 19.0.0 < App Build 19.14.49970, Platform Build 19.0.49925
Microsoft	Microsoft Dynamics 365 Business Central 2022 Release Wave 2	Version: 21.0.0 < App Build 21.2.49990, Platform Build 21.0.49984
Microsoft	Microsoft Dynamics 365 Business Central 2021 Release Wave 1	Version: 18.0.0 < App Build 18.18.46920, Platform Build 18.0.46905
Microsoft	Microsoft Dynamics NAV 2013 R2	Version: 1.0 < 52297

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:35:49.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics NAV 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "Build 52203",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics NAV 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "Build 30712",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics NAV 2018",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "Build 49497",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics NAV 2015",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "52204",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Dynamics 365 Business Central Spring 2019 Update",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 14.43.49498, Platform Build 14.0.49494",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 15.17.48428, Platform Build 15.0.48",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 17.17.38111, Platform Build 17.0.38061",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 16.19.35126, Platform Build 16.35120",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 20.8.49971, Platform Build 20.0.49947",
              "status": "affected",
              "version": "20.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 19.14.49970, Platform Build 19.0.49925",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 21.2.49990, Platform Build 21.0.49984",
              "status": "affected",
              "version": "21.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "App Build 18.18.46920, Platform Build 18.0.46905",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Dynamics NAV 2013 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "52297",
              "status": "affected",
              "version": "1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_nav_2016:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "Build 52203",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_nav_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "Build 30712",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_nav_2018:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "Build 49497",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_nav_2015:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "52204",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:spring_update:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:release_wave_2:*:*:on-premise:*:*:*",
                  "versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_2:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2020:*:release_wave_1:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120",
                  "versionStartIncluding": "16.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_1:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947",
                  "versionStartIncluding": "20.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_2:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925",
                  "versionStartIncluding": "19.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:release_wave_2:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984",
                  "versionStartIncluding": "21.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:release_wave_1:*:*:*:*:*:*",
                  "versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905",
                  "versionStartIncluding": "18.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:dynamics_nav_2013_R2:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "52297",
                  "versionStartIncluding": "1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-12-13T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-22T17:49:27.342Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
        }
      ],
      "title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-41127",
    "datePublished": "2022-12-13T00:00:00",
    "dateReserved": "2022-09-19T00:00:00",
    "dateUpdated": "2025-07-22T17:49:27.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41127\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2022-12-13T19:15:12.337\",\"lastModified\":\"2024-11-21T07:22:40.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics NAV y Microsoft Dynamics 365 Business Central (On Premises).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*\",\"matchCriteriaId\":\"3972FED2-131E-447F-B0D7-86BFEC57F018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"344834A1-6BC8-41F1-A225-6051FAE857A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F51A2D68-9B05-4565-8677-82761652876F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"039B9A4B-EF36-4EAC-BE4A-BAEFCD1B0145\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"53830264-2696-4A6C-ACFD-18FAA03B616B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"91B91E62-E8A6-40CC-8F9D-7277628CA4E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8981A2-51D0-4FCC-8326-F807E2CC0D53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C147B08-82DF-4051-ACA4-B1ACEDB15FC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA8EA7FF-BEE3-47A5-B711-83191CBFCE40\"}]}]}],\"references\":[{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2022-41127

Vulnerability from fkie_nvd

Published

2022-12-13 19:15

Modified

2024-11-21 07:22

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

References

▶	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127

Impacted products

Vendor	Product	Version
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_365_business_central	2019
microsoft	dynamics_365_business_central	2020
microsoft	dynamics_365_business_central	2020
microsoft	dynamics_365_business_central	2021
microsoft	dynamics_365_business_central	2021
microsoft	dynamics_365_business_central	2022
microsoft	dynamics_nav	2016
microsoft	dynamics_nav	2017
microsoft	dynamics_nav	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*",
              "matchCriteriaId": "3972FED2-131E-447F-B0D7-86BFEC57F018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
              "matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
              "matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
              "matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*",
              "matchCriteriaId": "039B9A4B-EF36-4EAC-BE4A-BAEFCD1B0145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*",
              "matchCriteriaId": "53830264-2696-4A6C-ACFD-18FAA03B616B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*",
              "matchCriteriaId": "91B91E62-E8A6-40CC-8F9D-7277628CA4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics NAV y Microsoft Dynamics 365 Business Central (On Premises)."
    }
  ],
  "id": "CVE-2022-41127",
  "lastModified": "2024-11-21T07:22:40.220",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-13T19:15:12.337",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2022-41127

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Aliases

CVE-2022-41127

Aliases

CVE-2022-41127

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41127",
    "id": "GSD-2022-41127"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41127"
      ],
      "details": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability",
      "id": "GSD-2022-41127",
      "modified": "2023-12-13T01:19:32.921981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2022-41127",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Dynamics NAV 2016",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "Build 52203"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2017",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "Build 30712"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2018",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "Build 49497"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2015",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "52204"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central Spring 2019 Update",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.0.0",
                          "version_value": "App Build 14.43.49498, Platform Build 14.0.49494"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "15.0.0",
                          "version_value": "App Build 15.17.48428, Platform Build 15.0.48"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "17.0.0",
                          "version_value": "App Build 17.17.38111, Platform Build 17.0.38061"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "16.0.0",
                          "version_value": "App Build 16.19.35126, Platform Build 16.35120"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "20.0.0",
                          "version_value": "App Build 20.8.49971, Platform Build 20.0.49947"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "App Build 19.14.49970, Platform Build 19.0.49925"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.0.0",
                          "version_value": "App Build 21.2.49990, Platform Build 21.0.49984"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "18.0.0",
                          "version_value": "App Build 18.18.46920, Platform Build 18.0.46905"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics NAV 2013 R2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "52297"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Remote Code Execution"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2022-41127"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127",
              "refsource": "MISC",
              "tags": [],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2023-03-10T19:15Z",
      "publishedDate": "2022-12-13T19:15Z"
    }
  }
}

wid-sec-w-2022-2306

Vulnerability from csaf_certbund

Published

2022-12-13 23:00

Modified

2022-12-13 23:00

Summary

Microsoft Dynamics: Schwachstelle ermöglichen Codeausführung

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Microsoft Dynamics 365 ist eine All-in-One-Unternehmensmanagementlösung. Microsoft Dynamics NAV ist eine Standardsoftware für ERP-Systeme.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Microsoft Dynamics ausnutzen, um beliebigen Programmcode auszuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Microsoft Dynamics 365 ist eine All-in-One-Unternehmensmanagementl\u00f6sung.\r\nMicrosoft Dynamics NAV ist eine Standardsoftware f\u00fcr ERP-Systeme.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Microsoft Dynamics ausnutzen, um beliebigen Programmcode auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2022-2306 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2306.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2022-2306 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2306"
      },
      {
        "category": "external",
        "summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2022-12-13",
        "url": "https://msrc.microsoft.com/update-guide"
      }
    ],
    "source_lang": "en-US",
    "title": "Microsoft Dynamics: Schwachstelle erm\u00f6glichen Codeausf\u00fchrung",
    "tracking": {
      "current_release_date": "2022-12-13T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:39:49.171+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2022-2306",
      "initial_release_date": "2022-12-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2022-12-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1",
                  "product_id": "T019773",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2020_release_wave_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2",
                  "product_id": "T019774",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2020_release_wave_2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1",
                  "product_id": "T019775",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2021_release_wave_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
                  "product_id": "T025253",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2022_release_wave_1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2019 Release Wave 2",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2019 Release Wave 2",
                  "product_id": "T025571",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2019_release_wave_2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
                  "product_id": "T025572",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2021_release_wave_2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
                  "product_id": "T025573",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_2022_release_wave_2"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Microsoft Dynamics 365 Business Central Spring 2019 Update",
                "product": {
                  "name": "Microsoft Dynamics 365 Business Central Spring 2019 Update",
                  "product_id": "T025574",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:microsoft:dynamics_365:business_central_spring_2019_update"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Dynamics 365"
          },
          {
            "category": "product_name",
            "name": "Microsoft Dynamics NAV 2016",
            "product": {
              "name": "Microsoft Dynamics NAV 2016",
              "product_id": "T016051",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:dynamics_nav_2016:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Dynamics NAV 2017",
            "product": {
              "name": "Microsoft Dynamics NAV 2017",
              "product_id": "T016050",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:dynamics_nav_2017:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Microsoft Dynamics NAV 2018",
            "product": {
              "name": "Microsoft Dynamics NAV 2018",
              "product_id": "T016049",
              "product_identification_helper": {
                "cpe": "cpe:/a:microsoft:dynamics_nav_2018:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41127",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Microsoft Dynamics. Der Fehler ist noch nicht im Detail beschrieben. Ein entfernter authentisierter Angreifer kann diese Schwachstelle zur Ausf\u00fchrung von beliebigem Code ausnutzen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T019775",
          "T019774",
          "T016051",
          "T016050",
          "T016049",
          "T025253",
          "T025572",
          "T025571",
          "T019773",
          "T025574",
          "T025573"
        ]
      },
      "release_date": "2022-12-13T23:00:00.000+00:00",
      "title": "CVE-2022-41127"
    }
  ]
}

ghsa-wj3j-9c8f-9hvm

Vulnerability from github

Published

2022-12-13 21:30

Modified

2022-12-13 21:30

Severity ?

8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41127"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-13T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.",
  "id": "GHSA-wj3j-9c8f-9hvm",
  "modified": "2022-12-13T21:30:26Z",
  "published": "2022-12-13T21:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41127"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41127"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-41127 (GCVE-0-2022-41127)

Vulnerability from cvelistv5

fkie_cve-2022-41127

Vulnerability from fkie_nvd

gsd-2022-41127

Vulnerability from gsd

wid-sec-w-2022-2306

Vulnerability from csaf_certbund

ghsa-wj3j-9c8f-9hvm

Vulnerability from github

Tags

Sightings

Nomenclature