Business Central
by Microsoft
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-41066 | 0.00 | — | 0.01 | Nov 9, 2022 | Microsoft Business Central Information Disclosure Vulnerability | |||
| CVE-2022-2458 | 0.00 | — | 0.01 | Aug 9, 2022 | XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software… | |||
| CVE-2019-14839 | 0.00 | — | 0.01 | Apr 1, 2022 | It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | |||
| CVE-2019-14886 | 0.00 | — | 0.00 | Mar 5, 2020 | A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could… |
- CVE-2022-41066Nov 9, 2022risk 0.00cvss —epss 0.01
Microsoft Business Central Information Disclosure Vulnerability
- CVE-2022-2458Aug 9, 2022risk 0.00cvss —epss 0.01
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software…
- CVE-2019-14839Apr 1, 2022risk 0.00cvss —epss 0.01
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.
- CVE-2019-14886Mar 5, 2020risk 0.00cvss —epss 0.00
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could…