OpenCVE

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Dynamics 365 Business Central Dynamics Nav

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1::::::
	cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2::::::
	cpe:2.3:a:microsoft:dynamics_nav:2017:::::::*
	cpe:2.3:a:microsoft:dynamics_nav:2018:::::::*

No data.

References

Link	Providers
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2021-08-12T18:12:34

Updated: 2024-08-04T01:09:07.223Z

Reserved: 2021-07-19T00:00:00

Link: CVE-2021-36946

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-12T18:15:10.110

Modified: 2024-11-21T06:14:21.487

Link: CVE-2021-36946

Redhat

No data.

{"containers": {"cna": {"title": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability", "datePublic": "2021-08-10T07:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2017", "cpes": ["cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "30601", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics NAV 2018", "cpes": ["cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "1.0", "lessThan": "47562", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Dynamics 365 Business Central Spring 2019 Update", "cpes": ["cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "14.0.0", "lessThan": "Application Build 14.27.47563, Platform Build 14.0", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.9", "cpes": ["cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "17.0", "lessThan": "Application Build 17.9.28504, Platform Build 17.0.", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.15", "cpes": ["cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "16.0", "lessThan": "Application Build 16.15.28500, Platform Build 16.0", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Spoofing", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-28T19:54:01.481Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:09:07.223Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-36946", "datePublished": "2021-08-12T18:12:34", "dateReserved": "2021-07-19T00:00:00", "dateUpdated": "2024-08-04T01:09:07.223Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*", "matchCriteriaId": "344834A1-6BC8-41F1-A225-6051FAE857A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_1:*:*:*:*:*:*", "matchCriteriaId": "F51A2D68-9B05-4565-8677-82761652876F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central:2020:release_wave_2:*:*:*:*:*:*", "matchCriteriaId": "BBA207FC-8ADA-4DA9-BCE5-5ABB51B1C2C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2017:*:*:*:*:*:*:*", "matchCriteriaId": "6C147B08-82DF-4051-ACA4-B1ACEDB15FC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*", "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Dynamics Business Central Cross-site Scripting Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de tipo Cross-site Scripting en Microsoft Dynamics Business Central"}], "id": "CVE-2021-36946", "lastModified": "2024-11-21T06:14:21.487", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-08-12T18:15:10.110", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36946"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}