6 matches found
CVE-2022-41127
CVE-2022-41127 affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central On‑Premises. Descriptions in connected docs confirm a remote code execution vulnerability and that Microsoft released updates to fix it (e.g., Update 16.19 for BC 2020 Wave 1, Update 17.17 for BC 2020 Wave 2...
CVE-2020-0905
CVE-2020-0905 is a remote code execution vulnerability in Microsoft Dynamics Business Central (and Dynamics NAV) via deserialization in the Role-Tailored Client that could allow an attacker to execute arbitrary shell commands on a vulnerable system. Multiple connected sources corroborate an RCE r...
CVE-2020-1018
CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...
CVE-2020-1022
CVE-2020-1022 is a documented remote code execution vulnerability affecting Microsoft Dynamics 365 Business Central (and NAV variants). The connected Red Hat/Qualys/Nessus entries corroborate an RCE impacting Dynamics BC/NAV, with patch guidance referencing CVE-2020-1022 (e.g., Update 15.5 for BC...
CVE-2021-1724
CVE-2021-1724 corresponds to a Cross-site Scripting vulnerability in Microsoft Dynamics Business Central. The connected data confirms an XSS issue caused by improper validation of user-supplied input in the web-facing Links and Notes feature, which authenticated attackers can exploit by crafting ...
CVE-2018-8651
CVE-2018-8651 describes an XSS vulnerability in Microsoft Dynamics NAV where the server does not properly sanitize crafted web requests. A logged-in attacker could exploit this via a specially crafted web request to execute script in a user’s browser, potentially reading data, altering UI, or tak...