CVE-2024-21380: 
vulnerability analysis and mitigation

Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability (CVE-2024-21380) affects multiple versions of Microsoft Dynamics 365 Business Central, including 2022 Release Wave 2 and 2023 Release Wave 1. The vulnerability was initially disclosed on February 13, 2024, and has received multiple updates since then (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.0 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H. This indicates that the vulnerability requires network access, has high attack complexity, requires low privileges, and user interaction. The scope is changed, with potential high impacts on confidentiality, integrity, and availability (NVD).

The vulnerability is classified as an information disclosure vulnerability (CWE-200), which could potentially expose sensitive information to unauthorized actors. The high CVSS score indicates significant potential impact on system security (NVD).

Microsoft has released updates to address this vulnerability across multiple versions of Dynamics 365 Business Central. Updates are available for both 2022 Release Wave 2 (Update 21.16) and 2023 Release Wave 1 (Update 22.10). Users are advised to install the latest updates to mitigate the vulnerability (Microsoft Support).