Description
Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Published: 2024-09-17
Score: 8.1 High
EPSS: 2.5% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-40729 Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
History

Wed, 25 Feb 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft .dynamics 365 Business Central Online
CPEs cpe:2.3:a:microsoft:.dynamics_365_business_central_online:*:*:*:*:*:*:*:*
Vendors & Products Microsoft .dynamics 365 Business Central Online

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.03261}

 epss

{'score': 0.03805}

Tue, 31 Dec 2024 23:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:microsoft:.dynamics_365_business_central_online:*:*:*:*:*:*:*:*
Vendors & Products Microsoft .dynamics 365 Business Central Online

Wed, 25 Sep 2024 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft dynamics 365 Business Central
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:microsoft:dynamics_365_business_central:-:-:*:*:*:*:*:*
Vendors & Products Microsoft dynamics 365 Business Central

Wed, 18 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Description Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.
Title Dynamics 365 Business Central Elevation of Privilege Vulnerability
First Time appeared Microsoft
Microsoft .dynamics 365 Business Central Online
Weaknesses CWE-285
CPEs cpe:2.3:a:microsoft:.dynamics_365_business_central_online:*:*:*:*:*:*:*:*
Vendors & Products Microsoft
Microsoft .dynamics 365 Business Central Online
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C'}

Subscriptions

Microsoft .dynamics 365 Business Central Online Dynamics 365 Business Central
cve-icon MITRE

Status: PUBLISHED

Assigner: microsoft

Published:

Updated: 2024-12-31T23:03:27.545Z

Reserved: 2024-08-14T01:08:33.515Z

Link: CVE-2024-43460

cve-icon Vulnrichment

Updated: 2024-09-17T20:08:10.406Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-17T19:15:27.500

Modified: 2024-09-25T19:18:53.350

Link: CVE-2024-43460

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses