CVE-2024-21380 HIGH

CVE-2024-21380: Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Vendor Microsoft

Product Microsoft Dynamics 365 Business Central 2022 Release Wave 2

Weakness CWE-200 · Info exposure

Published February 13, 2024

Last update May 3, 2025

CVSS base score

8.0/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Key dates

February 13, 2024 CVE published

May 3, 2025 Record updated

External resources

Related vulnerabilities

CVE CVE-2024-21380

CWE CWE-200

CVSS 8.0 / HIGH

Vendor Microsoft

Product Microsoft Dynamics 365 Business Central 2022 Release Wave 2

Affected ≥ 21.0.0 and < Application Build 21.16.63199, Platform Build 21.0

Vendor Microsoft

Product Microsoft Dynamics 365 Business Central 2023 Release Wave 1

Affected ≥ 22.0.0 and < Application Build 22.10.63195, Platform Build 22.0

Vendor Microsoft

Product Microsoft Dynamics 365 Business Central 2023 Release Wave 2

Affected ≥ 23.0.0 and < Application Build 23.4.15715, Platform Build 23.0.