Dynamics 365 Business Central Microsoft Dynamics 365 Business Central

  1. Vendors
  2. Microsoft
  3. Dynamics 365 Business Central

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Dynamics 365 Business Central.

Recent Microsoft Dynamics 365 Business Central Security Advisories

Advisory Title Published
CVE-2024-43460 CVE-2024-43460 Dynamics 365 Business Central Elevation of Privilege Vulnerability September 17, 2024
CVE-2024-38225 CVE-2024-38225 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability September 10, 2024
CVE-2024-35248 CVE-2024-35248 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability July 9, 2024
CVE-2024-35249 CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability July 9, 2024
CVE-2022-41127 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability December 13, 2022

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Dynamics 365 Business Central. Last year, in 2025 Dynamics 365 Business Central had 1 security vulnerability published. Right now, Dynamics 365 Business Central is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 1 5.50
2024 5 8.54
2023 1 7.20
2022 3 7.03
2021 4 6.23
2020 3 8.00

It may take a day or so for new Dynamics 365 Business Central vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Dynamics 365 Business Central Security Vulnerabilities

Apr 2025: Microsoft Dynamics Business Central Information Disclosure Vulnerability
CVE-2025-29821 5.5 - Medium - April 08, 2025

Improper input validation in Dynamics Business Central allows an authorized attacker to disclose information locally.

Improper Input Validation

CVE-2024-43460: IAuth Elevation in Microsoft Dynamics 365 BC
CVE-2024-43460 8.8 - High - September 17, 2024

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.

EoP in Microsoft Dynamics 365 BC Vulnerability
CVE-2024-38225 9.8 - Critical - September 10, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

authentification

Jun 2024: Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
CVE-2024-35248 7.3 - High - June 11, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

1390

Jun 2024: Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
CVE-2024-35249 8.8 - High - June 11, 2024

Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Microsoft Dynamics NAV/BC Info Disclosure Vulnerability (CVE-2024-21380)
CVE-2024-21380 8 - High - February 13, 2024

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability

Dynamics 365 BC Privilege Escalation via Access Control flaw (CVE-2023-38167)
CVE-2023-38167 7.2 - High - August 08, 2023

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

RCE in Microsoft Dynamics NAV & 365 Business Central On-prem
CVE-2022-41127 8.5 - High - December 13, 2022

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Microsoft Business Central Info Disclosure via Insecure Data Exposure
CVE-2022-41066 4.4 - Medium - November 09, 2022

Microsoft Business Central Information Disclosure Vulnerability

XML External Entity Injection in Microsoft Business Central & Red Hat Kie-Server
CVE-2022-2458 8.2 - High - August 10, 2022

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.

XXE

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-40440 5.4 - Medium - September 15, 2021

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

XSS

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-36946 5.4 - Medium - August 12, 2021

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

XSS

Dynamics Business Central Remote Code Execution Vulnerability
CVE-2021-34474 8 - High - July 14, 2021

Dynamics Business Central Remote Code Execution Vulnerability

Feb 2021: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVE-2021-1724 6.1 - Medium - February 25, 2021

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

Apr 2020:
CVE-2020-1022 - April 15, 2020

A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Apr 2020:
CVE-2020-1018 - April 15, 2020

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'.

An remote code execution vulnerability exists in Microsoft Dynamics Business Central
CVE-2020-0905 8 - High - March 12, 2020

An remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka 'Dynamics Business Central Remote Code Execution Vulnerability'.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Dynamics 365 Business Central or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Dynamics 365 Business Central
Product

subscribe