CVE-2022-41127 - Vulnerability Details - OpenCVE

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Dynamics 365 Business Central Dynamics Nav

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:::on-premise:::*
	cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1::::::
	cpe:2.3:a:microsoft:dynamics_nav:2016:::::::*
	cpe:2.3:a:microsoft:dynamics_nav:2017:::::::*
	cpe:2.3:a:microsoft:dynamics_nav:2018:::::::*

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127

History

Thu, 02 Jan 2025 21:45:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_2:::::: cpe:2.3:a:microsoft:dynamics_nav:2013_R2:::::::* cpe:2.3:a:microsoft:dynamics_nav:2015:::::::*

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2022-12-13T00:00:00

Updated: 2025-01-02T21:36:33.003Z

Reserved: 2022-09-19T00:00:00

Link: CVE-2022-41127

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-12-13T19:15:12.337

Modified: 2024-11-21T07:22:40.220

Link: CVE-2022-41127

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41127", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "dateUpdated": "2025-01-02T21:36:33.003Z", "dateReserved": "2022-09-19T00:00:00", "datePublished": "2022-12-13T00:00:00"}, "containers": {"cna": {"title": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability", "datePublic": "2022-12-13T08:00:00+00:00", "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "Build 52203"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "Build 30712"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "Build 49497"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "52204"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:spring_update:*:*:*:*:*:*", "versionStartIncluding": "14.0.0", "versionEndExcluding": "App Build 14.43.49498, Platform Build 14.0.49494"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:on-premise:*:*:*", "versionStartIncluding": "15.0.0", "versionEndExcluding": "App Build 15.17.48428, Platform Build 15.0.48"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*", "versionStartIncluding": "17.0.0", "versionEndExcluding": "App Build 17.17.38111, Platform Build 17.0.38061"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "App Build 16.19.35126, Platform Build 16.35120"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*", "versionStartIncluding": "20.0.0", "versionEndExcluding": "App Build 20.8.49971, Platform Build 20.0.49947"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*", "versionStartIncluding": "19.0.0", "versionEndExcluding": "App Build 19.14.49970, Platform Build 19.0.49925"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_2:*:*:*:*:*:*", "versionStartIncluding": "21.0.0", "versionEndExcluding": "App Build 21.2.49990, Platform Build 21.0.49984"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:*:release_wave_1:*:*:*:*:*:*", "versionStartIncluding": "18.0.0", "versionEndExcluding": "App Build 18.18.46920, Platform Build 18.0.46905"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:dynamics_nav:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "52297"}]}]}], "affected": [{"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2016", "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "Build 52203", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2017", "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "Build 30712", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2018", "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "Build 49497", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2015", "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "52204", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Dynamics 365 Business Central Spring 2019 Update", "platforms": ["Unknown"], "versions": [{"version": "14.0.0", "lessThan": "App Build 14.43.49498, Platform Build 14.0.49494", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise)", "platforms": ["Unknown"], "versions": [{"version": "15.0.0", "lessThan": "App Build 15.17.48428, Platform Build 15.0.48", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2", "platforms": ["Unknown"], "versions": [{"version": "17.0.0", "lessThan": "App Build 17.17.38111, Platform Build 17.0.38061", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1", "platforms": ["Unknown"], "versions": [{"version": "16.0.0", "lessThan": "App Build 16.19.35126, Platform Build 16.35120", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1", "platforms": ["Unknown"], "versions": [{"version": "20.0.0", "lessThan": "App Build 20.8.49971, Platform Build 20.0.49947", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2", "platforms": ["Unknown"], "versions": [{"version": "19.0.0", "lessThan": "App Build 19.14.49970, Platform Build 19.0.49925", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2", "platforms": ["Unknown"], "versions": [{"version": "21.0.0", "lessThan": "App Build 21.2.49990, Platform Build 21.0.49984", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2021 Release Wave 1", "platforms": ["Unknown"], "versions": [{"version": "18.0.0", "lessThan": "App Build 18.18.46920, Platform Build 18.0.46905", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2013 R2", "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "52297", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2025-01-02T21:36:33.003Z"}, "references": [{"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 8.5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:35:49.377Z"}, "title": "CVE Program Container", "references": [{"name": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:release_wave_2:*:*:on-premise:*:*:*", "matchCriteriaId": "3972FED2-131E-447F-B0D7-86BFEC57F018", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*", "matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*", "matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*", "matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_1:*:*:*:*:*:*", "matchCriteriaId": "039B9A4B-EF36-4EAC-BE4A-BAEFCD1B0145", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2021:release_wave_2:*:*:*:*:*:*", "matchCriteriaId": "53830264-2696-4A6C-ACFD-18FAA03B616B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*", "matchCriteriaId": "91B91E62-E8A6-40CC-8F9D-7277628CA4E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2016:*:*:*:*:*:*:*", "matchCriteriaId": "8C8981A2-51D0-4FCC-8326-F807E2CC0D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*", "matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*", "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Dynamics NAV y Microsoft Dynamics 365 Business Central (On Premises)."}], "id": "CVE-2022-41127", "lastModified": "2024-11-21T07:22:40.220", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "secure@microsoft.com", "type": "Secondary"}]}, "published": "2022-12-13T19:15:12.337", "references": [{"source": "secure@microsoft.com", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41127"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}