Microsoft Dynamics
CVE-2022-41127 — Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
Executive Summary
None
Overview
8.5
CVSS HIGH
Critical
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
ATTACK VECTOR
Network
ATTACK COMPLEXITY
High
PRIVILEGES REQUIRED
Low
USER INTERACTION
None
SCOPE
Changed
CONFIDENTIALITY
High
INTEGRITY
High
AVAILABILITY
High
EXPLOIT CODE MATURITY
Unproven
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 7.4
EPSS Score
0.0157
probability of exploitation in the next 30 days
0.72147 percentile - updated 2026-06-21
View on FIRST.org
Affected Products
13 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise) | 5001733 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Dynamics 365 Business Central Spring 2019 Update | 5021669 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 1 | 5010910 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 2 | 5013420 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2021 Release Wave 1 | 5019239 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2021 Release Wave 2 | 5021670 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2022 Release Wave 1 | 5021671 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics 365 Business Central 2022 Release Wave 2 | 5021672 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics NAV 2013 R2 | Release Notes (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics NAV 2015 | Release Notes (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics NAV 2016 | 5005293 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics NAV 2017 | 5010202 (Security Update) |
Critical | Remote Code Execution | Maybe |
| Microsoft Dynamics NAV 2018 | 5021668 (Security Update) |
Critical | Remote Code Execution | Maybe |
Patches
12 patches
| Article | Type | Restart |
|---|---|---|
5001733 |
Security Update | Maybe |
5021669 |
Security Update | Maybe |
5010910 |
Security Update | Maybe |
5013420 |
Security Update | Maybe |
5019239 |
Security Update | Maybe |
5021670 |
Security Update | Maybe |
5021671 |
Security Update | Maybe |
5021672 |
Security Update | Maybe |
Release Notes |
Security Update | Maybe |
5005293 |
Security Update | Maybe |
5010202 |
Security Update | Maybe |
5021668 |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
References
On This Page