MicrosoftKB4538708Cumulative Update 53 for Microsoft Dynamics NAV 2016 (Build 51775)
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
89.8%
Cumulative Update 53 for Microsoft Dynamics NAV 2016 (Build 51775)
This article applies to Microsoft Dynamics NAV 2016 for all countries and all language locales.A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that requires a call from the Role-Tailored Client that has the dataset structure can start arbitrary shell commands through deserialization.
To learn more about the vulnerability, go to CVE-2020-0905.
Overview
This cumulative update replaces previously released cumulative updates. You should always install the latest cumulative update.It may be necessary to update your license after you install this hotfix to gain access to new objects that are included in this or a previous cumulative update. (This applies only to customer licenses.)
For a list of cumulative updates that were released for Microsoft Dynamics NAV 2016, see released cumulative updates for Microsoft Dynamics NAV 2016. Cumulative updates are intended for new and existing customers who are running Microsoft Dynamics NAV 2016.
Important
| We recommend that you contact your Microsoft Dynamics Partner before you install hotfixes or updates. It is important to verify that your environment is compatible with the hotfixes or updates that will be installed. A hotfix or update may cause interoperability issues with customizations and third-party products that work together with your Microsoft Dynamics NAV solution.Problems that are resolved in this cumulative updateThe following problems are resolved in this cumulative update:Application hotfixesID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 342384 | An electronic invoice in EHF 3.0 format cannot be validated successfully when the document contains positive and negative lines and different VAT rates. | Finance | COD 1620 |
| Local application hotfixes****AT – AustriaID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 345176 | The Intrastat file for January 2020 is not accepted by the authorities because the period is incorrect in the Austrian version. | Finance | REP 11106 |
| CZ - CzechID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 345252 | The VAT date on credit memo posted from the purchase advance letter is incorrect in the Czech version. | Finance | COD 31000 COD 31020 |
| 343030 | “Transaction type must have a value” error message is displayed when you post a sales shipment for an item of type Service in the Czech version. | Sales | COD 5704 COD 5705 COD 80 COD 90 REP 202 REP 402 REP 502 TAB 210 TAB 36 TAB 38 TAB 5740 TAB 83 |
| 345263 | The Deduction Line No. field is incorrect in the Sales Advance Letter Entries in the Czech version. | Sales | COD 11771 |
| 345267 | “Prepmt. Amt. Inv. Excl. VAT cannot be less than xxx in Sales Line” error message is displayed when you create multiple shipments for orders with advance letters in the Czech version. | Sales | TAB 111 |
| 343699 | The VAT Entries merge into one line with different VAT date and the same External Document No. field in the VAT Control report in the Czech version. | VAT/Sales Tax/Intrastat | COD 31100 |
| DACHID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 341570 | Incorrect INDEX.XML file is in the GDPdU data export when the same table is used multiple times in the DACH version. | Finance | COD 11000 |
| 345176 | The Intrastat file for January 2020 is not accepted by the authorities because the period is incorrect in the DACH version. | Finance | REP 11106 |
| DK – DenmarkID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 345321 | The information in the LineExtensionAmount tag of the OIOUBL E-invoicing is incorrect when a line discount is granted in the Danish version. | Finance | COD 13609 COD 13610 COD 13616 COD 13617 |
| NO – NorwayID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 340079 | If you use the reverse charge VAT and proportional VAT, the transaction does not display correctly in the Trade Settlement report in the Norwegian version. | VAT/Sales Tax/Intrastat | REP 10618 |
| Local regulatory features****ES - SpainID | Title | Functional Area | Changed Objects |
|---|---|---|---|
| 341913 | Make the SII solution work for ALAVA province in the Spanish version. | Financial Management | COD 10750 PAG 10751 TAB 10751 |
Resolution
| How to obtain the Microsoft Dynamics NAV update filesThis update is available for manual download and installation from the Microsoft Download Center.Cumulative update CU 53 for Microsoft Dynamics NAV 2016Which hotfix package to downloadThis cumulative update has multiple hotfix packages. Select and download one of the following packages depending on the country version of your Microsoft Dynamics NAV 2016 database:Country | Hotfix package |
|---|---|
| AT - Austria | Download the CU 53 NAV 2016 AT package |
| AU - Australia | Download the CU 53 NAV 2016 AU package |
| BE - Belgium | Download the CU 53 NAV 2016 BE package |
| CH - Switzerland | Download the CU 53 NAV 2016 CH package |
| CZ- Czech | Download the CU 53 NAV 2016 CZ package |
| DE - Germany | Download the CU 53 NAV 2016 DE package |
| DK - Denmark | Download the CU 53 NAV 2016 DK package |
| ES - Spain | Download the CU 53 NAV 2016 ES package |
| FI - Finland | Download the CU 53 NAV 2016 FI package |
| FR - France | Download the CU 53 NAV 2016 FR package |
| IS - Iceland | Download the CU 53 NAV 2016 IS package |
| IT - Italy | Download the CU 53 NAV 2016 IT package |
| IN - India | Download the CU 53 NAV 2016 IN package |
| NA - North America | Download the CU 53 NAV 2016 NA package |
| NL - Netherlands | Download the CU 53 NAV 2016 NL package |
| NO - Norway | Download the CU 53 NAV 2016 NO package |
| NZ - New Zealand | Download the CU 53 NAV 2016 NZ package |
| RU - Russia | Download the CU 53 NAV 2016 RU package |
| SE - Sweden | Download the CU 53 NAV 2016 SE package |
| UK - United Kingdom | Download the CU 53 NAV 2016 UK package |
| All other countries | Download the CU 53 NAV 2016 W1 package |
| How to install a Microsoft Dynamics NAV 2016 cumulative updateSee How to install a Microsoft Dynamics NAV 2016 cumulative update.PrerequisitesYou must have Microsoft Dynamics NAV 2016 installed to apply this hotfix. |
More information
See more information about software update terminology and Microsoft Dynamics NAV 2016.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the “Applies to” section.
Related
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.024 Low
EPSS
Percentile
89.8%