Dynamics Nav Security Vulnerabilities and Issues — Dynamics Nav CVE List

MicrosoftDynamics Nav

9 matches found

CVE•added 2022/12/13 12:0 a.m.•149 views

CVE-2022-41127

CVE-2022-41127 affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central On‑Premises. Descriptions in connected docs confirm a remote code execution vulnerability and that Microsoft released updates to fix it (e.g., Update 16.19 for BC 2020 Wave 1, Update 17.17 for BC 2020 Wave 2...

8.5CVSS8.5AI score0.02129EPSS

CVE•added 2021/08/12 6:12 p.m.•133 views

CVE-2021-36946

CVE-2021-36946 is a Cross-site Scripting (XSS) vulnerability in Microsoft Dynamics Business Central (and related NAV products in linked updates). The connected docs confirm the issue, with references to Microsoft Dynamics BC NAV exposure and multiple security updates in 2021 that address the XSS ...

5.4CVSS5.5AI score0.02619EPSS

CVE•added 2020/03/12 3:48 p.m.•115 views

CVE-2020-0905

CVE-2020-0905 is a remote code execution vulnerability in Microsoft Dynamics Business Central (and Dynamics NAV) via deserialization in the Role-Tailored Client that could allow an attacker to execute arbitrary shell commands on a vulnerable system. Multiple connected sources corroborate an RCE r...

8CVSS8AI score0.32922EPSS

CVE•added 2020/04/15 3:13 p.m.•115 views

CVE-2020-1018

CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...

7.5CVSS7AI score0.0392EPSS

CVE•added 2020/04/15 3:13 p.m.•96 views

CVE-2020-1022

CVE-2020-1022 is a documented remote code execution vulnerability affecting Microsoft Dynamics 365 Business Central (and NAV variants). The connected Red Hat/Qualys/Nessus entries corroborate an RCE impacting Dynamics BC/NAV, with patch guidance referencing CVE-2020-1022 (e.g., Update 15.5 for BC...

8CVSS8AI score0.39214EPSS

CVE•added 2022/11/09 12:0 a.m.•96 views

CVE-2022-41066

CVE-2022-41066 affects Microsoft Dynamics 365 Business Central (on-premises) and is an information-disclosure vulnerability. Connected documents confirm multiple Microsoft hotfix updates addressing this CVE, including Update 19.13 for BC 2021 Release Wave 2, Update 21.1 for BC 2022 Release Wave 2...

4.4CVSS4.3AI score0.04471EPSS

CVE•added 2020/12/09 11:36 p.m.•94 views

CVE-2020-17133

CVE-2020-17133 is a Microsoft Dynamics Business Central/NAV information-disclosure vulnerability. The root cause is that the Password field in the Document Service table is not masked, which could allow an authenticated remote attacker (as a system user) to reveal passwords. Public references in ...

6.5CVSS5.7AI score0.12081EPSS

CVE•added 2021/02/25 11:1 p.m.•92 views

CVE-2021-1724

CVE-2021-1724 corresponds to a Cross-site Scripting vulnerability in Microsoft Dynamics Business Central. The connected data confirms an XSS issue caused by improper validation of user-supplied input in the web-facing Links and Notes feature, which authenticated attackers can exploit by crafting ...

6.1CVSS6AI score0.0095EPSS

CVE•added 2018/12/12 12:0 a.m.•69 views

CVE-2018-8651

CVE-2018-8651 describes an XSS vulnerability in Microsoft Dynamics NAV where the server does not properly sanitize crafted web requests. A logged-in attacker could exploit this via a specially crafted web request to execute script in a user’s browser, potentially reading data, altering UI, or tak...

5.4CVSS4.9AI score0.01354EPSS