cvelistv5 - CVE-2022-41066

CVE-2022-41066 (GCVE-0-2022-41066)

Vulnerability from cvelistv5

Published

2022-11-09 00:00

Modified

2025-01-02 21:31

Severity ?

4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

Information Disclosure

Summary

Microsoft Business Central Information Disclosure Vulnerability

References

URL

fkie_cve-2022-41066

Vulnerability from fkie_nvd

Published

2022-11-09 22:15

Modified

2025-08-25 02:23

Severity ?

4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

Microsoft Business Central Information Disclosure Vulnerability

References

	URL	Tags
	secure@microsoft.com	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	dynamics_365_business_central_2019	*
microsoft	dynamics_365_business_central_2021	*
microsoft	dynamics_365_business_central_2022	*
microsoft	dynamics_365_business_central_2022	*
microsoft	dynamics_nav	2018

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B4AC243-AFB8-4735-B3BA-42677448216D",
              "versionEndExcluding": "14.42.49347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2021:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E97209C-6B3C-4E82-A788-239BBF042316",
              "versionEndIncluding": "19.18.54872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3527F043-462D-4EE9-88EA-F3805B5A882B",
              "versionEndExcluding": "20.7.48483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_365_business_central_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F801EA-68D1-42AD-B956-BF3951E7ED1E",
              "versionEndExcluding": "21.1.48638",
              "versionStartIncluding": "21.1.48638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA8EA7FF-BEE3-47A5-B711-83191CBFCE40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Business Central Information Disclosure Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Microsoft Business Central"
    }
  ],
  "id": "CVE-2022-41066",
  "lastModified": "2025-08-25T02:23:53.953",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-11-09T22:15:21.070",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2022-41066

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Microsoft Business Central Information Disclosure Vulnerability

Aliases

CVE-2022-41066

Aliases

CVE-2022-41066

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41066",
    "id": "GSD-2022-41066"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41066"
      ],
      "details": "Microsoft Business Central Information Disclosure Vulnerability",
      "id": "GSD-2022-41066",
      "modified": "2023-12-13T01:19:32.419638Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2022-41066",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Dynamics NAV 2018",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "1.0",
                          "version_value": "49345"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Dynamics 365 Business Central Spring 2019 Update",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "14.0.0",
                          "version_value": "Application Build 14.42.49347, Platform Build 14.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "21.0.0",
                          "version_value": "Application Build 21.1.48638, Platform Build 21.0."
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "20.0.0",
                          "version_value": "Application Build 20.7.48483, Platform Build 20.0."
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "19.0.0",
                          "version_value": "Application Build 21.2.49990, Platform Build 21.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Business Central Information Disclosure Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066",
            "refsource": "MISC",
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2019:spring_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_nav:2018:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:dynamics_365_business_central:2022:release_wave_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2022-41066"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Business Central Information Disclosure Vulnerability"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066",
              "refsource": "MISC",
              "tags": [],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-03-10T18:15Z",
      "publishedDate": "2022-11-09T22:15Z"
    }
  }
}

ghsa-33m5-rgm6-r8x3

Vulnerability from github

Published

2022-11-10 12:01

Modified

2022-11-10 12:01

Severity ?

4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Microsoft Business Central Information Disclosure Vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-41066"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Business Central Information Disclosure Vulnerability.",
  "id": "GHSA-33m5-rgm6-r8x3",
  "modified": "2022-11-10T12:01:08Z",
  "published": "2022-11-10T12:01:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41066"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41066"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, une élévation de privilèges, une usurpation d'identité, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Dynamics NAV 2018
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.0
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2022 Release Wave 2
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.3
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.2
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 11
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2022 Release Wave 1
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 22
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 23
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour 64 bits Systems
Microsoft	N/A	Nuget 2.1.2
Microsoft	N/A	Dynamics 365 Business Central Spring 2019 Update
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 12
Microsoft	N/A	Nuget 4.8.5
Microsoft	N/A	Microsoft Dynamics 365 Business Central 2021 Release Wave 2

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 08 novembre 2022	None	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-39253 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41104 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41060 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41063 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41106 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41080 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41079 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41107 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41103 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41066 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41064 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41105 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41078 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41123 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41061 du 08 novembre 2022	-	other
Bulletin de sécurité Microsoft CVE-2022-41119 du 08 novembre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Dynamics NAV 2018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft 365 Apps pour Enterprise pour 64 bits Systems",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 2.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Dynamics 365 Business Central Spring 2019 Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.8.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-41063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41063"
    },
    {
      "name": "CVE-2022-41105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41105"
    },
    {
      "name": "CVE-2022-41119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41119"
    },
    {
      "name": "CVE-2022-41061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41061"
    },
    {
      "name": "CVE-2022-41066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41066"
    },
    {
      "name": "CVE-2022-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41064"
    },
    {
      "name": "CVE-2022-41107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41107"
    },
    {
      "name": "CVE-2022-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41123"
    },
    {
      "name": "CVE-2022-41103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41103"
    },
    {
      "name": "CVE-2022-41079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41079"
    },
    {
      "name": "CVE-2022-41106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41106"
    },
    {
      "name": "CVE-2022-41060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41060"
    },
    {
      "name": "CVE-2022-41104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41104"
    },
    {
      "name": "CVE-2022-41078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41078"
    },
    {
      "name": "CVE-2022-41080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41080"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    }
  ],
  "initial_release_date": "2022-11-09T00:00:00",
  "last_revision_date": "2022-11-14T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-39253 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-39253"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41104 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41104"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41060 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41060"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41063 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41063"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41106 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41106"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41080 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41080"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41079 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41079"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41107 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41107"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41103 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41103"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41064 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41064"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41105 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41105"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41078 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41078"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41123 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41123"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41061 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41061"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41119 du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41119"
    }
  ],
  "reference": "CERTFR-2022-AVI-1015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-09T00:00:00.000000"
    },
    {
      "description": "Ajout de syst\u00e8mes affect\u00e9s de la famille Microsoft Dynamics suite \u00e0 la mise \u00e0 jour du bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-41066 du 08 novembre 2022.",
      "revision_date": "2022-11-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, une \u00e9l\u00e9vation\nde privil\u00e8ges, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 novembre 2022",
      "url": "https://msrc.microsoft.com/update-guide/"
    }
  ]
}

msrc_cve-2022-41066

Vulnerability from csaf_microsoft

Published

2022-11-08 08:00

Modified

2022-11-10 08:00

Summary

Microsoft Business Central Information Disclosure Vulnerability

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Customer Action

Required. The vulnerability documented by this CVE requires customer action to resolve.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.microsoft.com/en-us/msrc/security-update-severity-rating-system",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      },
      {
        "category": "general",
        "text": "Required. The vulnerability documented by this CVE requires customer action to resolve.",
        "title": "Customer Action"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability - HTML",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
      },
      {
        "category": "self",
        "summary": "CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability - CSAF",
        "url": "https://msrc.microsoft.com/csaf/2022/msrc_cve-2022-41066.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Exploitability Index",
        "url": "https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Microsoft Business Central Information Disclosure Vulnerability",
    "tracking": {
      "current_release_date": "2022-11-10T08:00:00.000Z",
      "generator": {
        "date": "2025-01-02T21:31:19.598Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2022-41066",
      "initial_release_date": "2022-11-08T08:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-11-08T08:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2022-11-10T08:00:00.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "In the Security Updates table, added the following supported editions of Microsoft Dynamics as they are affected by this vulnerability: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 Business Central Spring 2019, Dynamics 365 Business Central 2021 Release Wave 2,  and Dynamics 365 Business Central 2022 Release Wave 2. Microsoft strongly recommends that customers install the November updates to be fully protected from this vulnerability."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003c49345",
            "product": {
              "name": "Microsoft Dynamics NAV 2018 \u003c49345",
              "product_id": "5"
            }
          },
          {
            "category": "product_version",
            "name": "49345",
            "product": {
              "name": "Microsoft Dynamics NAV 2018 49345",
              "product_id": "11746"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Dynamics NAV 2018"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003cApplication Build 14.42.49347, Platform Build 14.0",
            "product": {
              "name": "Dynamics 365 Business Central Spring 2019 Update \u003cApplication Build 14.42.49347, Platform Build 14.0",
              "product_id": "4"
            }
          },
          {
            "category": "product_version",
            "name": "Application Build 14.42.49347, Platform Build 14.0",
            "product": {
              "name": "Dynamics 365 Business Central Spring 2019 Update Application Build 14.42.49347, Platform Build 14.0",
              "product_id": "11750"
            }
          }
        ],
        "category": "product_name",
        "name": "Dynamics 365 Business Central Spring 2019 Update"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003cApplication Build 21.1.48638, Platform Build 21.0.",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2 \u003cApplication Build 21.1.48638, Platform Build 21.0.",
              "product_id": "3"
            }
          },
          {
            "category": "product_version",
            "name": "Application Build 21.1.48638, Platform Build 21.0.",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2 Application Build 21.1.48638, Platform Build 21.0.",
              "product_id": "12109"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 2"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003cApplication Build 20.7.48483, Platform Build 20.0.",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1 \u003cApplication Build 20.7.48483, Platform Build 20.0.",
              "product_id": "2"
            }
          },
          {
            "category": "product_version",
            "name": "Application Build 20.7.48483, Platform Build 20.0.",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1 Application Build 20.7.48483, Platform Build 20.0.",
              "product_id": "12122"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Dynamics 365 Business Central 2022 Release Wave 1"
      },
      {
        "branches": [
          {
            "category": "product_version_range",
            "name": "\u003cApplication Build 21.2.49990, Platform Build 21.0",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2 \u003cApplication Build 21.2.49990, Platform Build 21.0",
              "product_id": "1"
            }
          },
          {
            "category": "product_version",
            "name": "Application Build 21.2.49990, Platform Build 21.0",
            "product": {
              "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2 Application Build 21.2.49990, Platform Build 21.0",
              "product_id": "12123"
            }
          }
        ],
        "category": "product_name",
        "name": "Microsoft Dynamics 365 Business Central 2021 Release Wave 2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-41066",
      "notes": [
        {
          "category": "general",
          "text": "Microsoft",
          "title": "Assigning CNA"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.",
          "title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.",
          "title": "According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "Successful exploitation of this vulnerability requires an attacker to compromise admin credentials on the device.",
          "title": "According to the CVSS metric, privileges required is high (PR:H).  What does that mean for this vulnerability?"
        },
        {
          "category": "faq",
          "text": "An attacker who successfully exploited this vulnerability could use it to view integration secrets that are owned by a different partner.",
          "title": "What type of information could be disclosed by this vulnerability?"
        }
      ],
      "product_status": {
        "fixed": [
          "11746",
          "11750",
          "12109",
          "12122",
          "12123"
        ],
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability - HTML",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
        },
        {
          "category": "self",
          "summary": "CVE-2022-41066 Microsoft Business Central Information Disclosure Vulnerability - CSAF",
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41066"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-11-08T08:00:00.000Z",
          "details": "49345:Security Update:https://support.microsoft.com/en-us/help/5021000",
          "product_ids": [
            "5"
          ],
          "url": "https://support.microsoft.com/en-us/help/5021000"
        },
        {
          "category": "vendor_fix",
          "date": "2022-11-08T08:00:00.000Z",
          "details": "Application Build 14.42.49347, Platform Build 14.0:Security Update:https://support.microsoft.com/en-us/help/5021001",
          "product_ids": [
            "4"
          ],
          "url": "https://support.microsoft.com/en-us/help/5021001"
        },
        {
          "category": "vendor_fix",
          "date": "2022-11-08T08:00:00.000Z",
          "details": "Application Build 21.1.48638, Platform Build 21.0.:Security Update:http://support.microsoft.com/kb/5021004",
          "product_ids": [
            "3"
          ],
          "url": "http://support.microsoft.com/kb/5021004"
        },
        {
          "category": "vendor_fix",
          "date": "2022-11-08T08:00:00.000Z",
          "details": "Application Build 20.7.48483, Platform Build 20.0.:Security Update:https://support.microsoft.com/help/5021002",
          "product_ids": [
            "2"
          ],
          "url": "https://support.microsoft.com/help/5021002"
        },
        {
          "category": "vendor_fix",
          "date": "2022-11-08T08:00:00.000Z",
          "details": "Application Build 21.2.49990, Platform Build 21.0:Security Update:https://support.microsoft.com/en-us/help/5021003",
          "product_ids": [
            "1"
          ],
          "url": "https://support.microsoft.com/en-us/help/5021003"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 3.9,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Information Disclosure"
        },
        {
          "category": "exploit_status",
          "details": "Exploited:No;Latest Software Release:Exploitation Less Likely"
        }
      ],
      "title": "Microsoft Business Central Information Disclosure Vulnerability"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-41066 (GCVE-0-2022-41066)

Vulnerability from cvelistv5

fkie_cve-2022-41066

Vulnerability from fkie_nvd

gsd-2022-41066

Vulnerability from gsd

ghsa-33m5-rgm6-r8x3

Vulnerability from github

CERTFR-2022-AVI-1015

Vulnerability from certfr_avis

Solution

msrc_cve-2022-41066

Vulnerability from csaf_microsoft

Tags

Sightings

Nomenclature