5 matches found
CVE-2020-0905
CVE-2020-0905 is a remote code execution vulnerability in Microsoft Dynamics Business Central (and Dynamics NAV) via deserialization in the Role-Tailored Client that could allow an attacker to execute arbitrary shell commands on a vulnerable system. Multiple connected sources corroborate an RCE r...
CVE-2020-1018
CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...
CVE-2020-17133
CVE-2020-17133 is a Microsoft Dynamics Business Central/NAV information-disclosure vulnerability. The root cause is that the Password field in the Document Service table is not masked, which could allow an authenticated remote attacker (as a system user) to reveal passwords. Public references in ...
CVE-2020-1022
CVE-2020-1022 is a documented remote code execution vulnerability affecting Microsoft Dynamics 365 Business Central (and NAV variants). The connected Red Hat/Qualys/Nessus entries corroborate an RCE impacting Dynamics BC/NAV, with patch guidance referencing CVE-2020-1022 (e.g., Update 15.5 for BC...
CVE-2021-1724
CVE-2021-1724 corresponds to a Cross-site Scripting vulnerability in Microsoft Dynamics Business Central. The connected data confirms an XSS issue caused by improper validation of user-supplied input in the web-facing Links and Notes feature, which authenticated attackers can exploit by crafting ...